Abstract

We define the syntax and reduction relation of a recursively typed lambda 
calculus with a parallel case-function (a parallel conditional). The reduction is 
shown to be confluent. We interpret the recursive types as information systems 
in a restricted form, which we call prime systems. A denotational semantics is 
defined with this interpretation. We define the syntactical normal form approximations
of a term and prove the Approximation Theorem: The semantics of
a term equals the limit of the semantics of its approximations. The proof uses 
inclusive predicates (logical relations). The semantics is adequate with respect 
to the observation of Boolean values. It is also fully abstract in the presence of 
the parallel case-function. 

Keywords: lambda calculus, recursive type, parallel conditional, parallel or, 
confluence, denotational semantics, information system, approximation theorem, 
limiting completeness, inclusive predicates, adequacy, full abstraction 

1 Introduction 

In his seminal paper [Plo77], Gordon Plotkin explores the relationship between the
operational (reduction) semantics and the denotational semantics of the functional
programming language PCF. PCF is a call-by-name typed lambda calculus with the
ground types boolean and integer, and any functional type. In order to compare
operational and denotational semantics, one defines a notion of operational observation
and a preorder on terms induced by this notion. In the case of PCF, the observation
is of integer values only, and the preorder is defined by observation of arbitrary terms
through integer contexts. The closed terms of ground type integer are singled out as
programs. Programs are regarded as the only terms whose syntactical values (integers) 
can be observed directly. If the semantics of a program M is an integer value i, then 
M can be reduced to i. This result is called the adequacy of the semantics. (The 
denotational semantics is simply called the semantics here and in the following.) 

A more general result about terms of any type is the Approximation Theorem 
or limiting completeness, as proved in [Wad78] for the untyped lambda calculus and
in [Ber79] for PCF. The approximations of a term M are defined, roughly, as the
normal form prefixes of the reducts of M. The Approximation Theorem states that 
the semantics of a term equals the limit of the semantics of its approximations. 

Plotkin's programme proceeds as follows: The operational preorder on terms is
defined as $M \sqsubseteq N$ iff for all contexts $C[\,]$ such that $C[M]$ and $C[N]$ are programs: if
$C[M]$ reduces to a value $i$, then also $C[N]$. If $\mathcal{S}[\![M]\!] \sqsubseteq \mathcal{S}[\![N]\!]$, where $\mathcal{S}$ is the semantics
function, then $M \sqsubseteq N$; this follows from adequacy. The converse, if $M \sqsubseteq N$ then
$\mathcal{S}[\![M]\!] \sqsubseteq \mathcal{S}[\![N]\!]$, is not true for PCF with only sequential operations. This is due to the
fact that there are parallel functions in the semantic model, like the parallel or, that
cannot be defined syntactically. But when a parallel if-operation, or the parallel or, is
added to the syntax, then "if $M \sqsubseteq N$ then $\mathcal{S}[\![M]\!] \sqsubseteq \mathcal{S}[\![N]\!]$" holds. This is called the
full abstraction of the semantics; the operational and denotational preorders on terms
coincide.

We elaborate the programme above for a call-by-name recursively typed lambda 
calculus and establish similar results: Approximation Theorem and adequacy for the
sequential or parallel calculus and full abstraction for the parallel calculus only. 

Chapter 2 defines the syntax and the reduction relation of our calculus. Types are
built up from the separated sum $+$, the cartesian separated product $\times$, the function
space $\to$, and recursion. Every recursive type denotes a possibly infinite type tree.
Recursive types with the same type tree are regarded as equivalent. Terms are built
up from variables, $\lambda$-abstraction, application, and constants for the type constructors
$+$ and $\times$. Among the constants is a parallel case operation pcase. The operational
semantics is defined by the one-step reduction $\to$ of a redex in any context. We prove
that reduction is confluent. For the proof we use the confluence theorem of [Mül92]
which says roughly: The combination of the lambda calculus with a confluent, left-linear
and not variable-applying algebraic term rewriting system is confluent.

The subsequent chapters explore the semantics. We use information systems to
give the semantics of recursive types [LW91, Win93]. Chapter 3 introduces a specialized
form of information systems that we call prime systems: Here the predicates
of consistency and entailment are given by binary relations on the set of primes (=
tokens). Prime systems were first introduced for different purposes under the name
event structures in [NPW81] and shown to be equivalent to prime algebraic coherent
partial orders. We transfer the results of [LW91] to our prime systems: The class of
prime systems is a complete partial order under the substructure relation $\trianglelefteq$. We define
operations on prime systems corresponding to our type constructors $+$, $\times$, $\to$ and show
that they are continuous.

This enables us, in Chapter 4, to give a semantic interpretation of type trees and
recursive types as prime systems. The interpretation of finite prefixes of a type tree
gives a $\trianglelefteq$-chain of prime systems; the interpretation of the whole type tree is the limit
of this chain. Note that the primes at one level of the chain are directly contained in
the following levels; there is no need for embedding-projection pairs as in the inverse
limit solution of recursive domain equations. This is an advantage of the concrete
representation of domains by information systems or prime systems. Anyway, this
concrete representation of domain elements by sets of primes will be needed to prove
full abstraction. Chapter 4 also gives the semantics function $\mathcal{S}$ on terms and proves its
soundness: Reduction does not change the semantics of terms.

Chapter 5 proves the Approximation Theorem. We define a prefix order $\prec$ on terms
where the constant $\Omega$ is the least term. A normal form $A$ is an approximation of a term
$M$ iff there is a reduct $N$ of $M$ such that $A \prec N'$ for all reducts $N'$ of $N$. The set $\mathcal{A}(M)$
of approximations of $M$ is an ideal and can be seen as the syntactic value or Böhm
tree of $M$. For the parallel calculus, it is not possible to define approximations by an
analogue of head normal forms. But for the sequential calculus (without pcase), we
give two analogues of head normal forms to define alternative sets of approximations.
The Approximation Theorem says that the semantics of a term equals the limit of the
semantics of its approximations. This is proved by the inclusive predicate technique, as
it was used in [MP87] to prove the analogous theorem for the untyped lambda calculus.
We adapt the technique to prime systems: We give an inductive definition of the
inclusive predicates (logical relations) on the primes of our prime system interpretation
of types.

Chapter 6 proves adequacy and full abstraction of the semantics. We have to define
a notion of observation and the corresponding operational preorder on terms. We
choose to observe the values 0 and 1 of type bool = void + void, where void is the type
of just one bottom element. So our programs are the closed terms of type bool. For
a program M we define the operational value $\mathcal{O}[\![M]\!]$ as 0 or 1 if M reduces to 0 or 1
respectively, and as $\bot$ otherwise. The Adequacy Theorem says that $\mathcal{O}[\![M]\!] = \mathcal{S}[\![M]\!]\bot$
for every program M; it is a consequence of the Approximation Theorem.

The operational preorder on terms is defined as $M \sqsubseteq N$ iff for all contexts $C[\,]$ such
that $C[M]$ and $C[N]$ are programs, $\mathcal{O}[\![C[M]]\!] \sqsubseteq \mathcal{O}[\![C[N]]\!]$ holds. Again we have: If
$\mathcal{S}[\![M]\!] \sqsubseteq \mathcal{S}[\![N]\!]$, then $M \sqsubseteq N$, as a consequence of adequacy. Full abstraction, $M \sqsubseteq N$
iff $\mathcal{S}[\![M]\!] \sqsubseteq \mathcal{S}[\![N]\!]$, is proved for the parallel calculus. As in [Plo77] the proof is based
on the Definability Lemma: For all finite elements $d$ of a semantic domain there is a
term M with $\mathcal{S}[\![M]\!]\bot = d$. The proof uses the representation of elements as sets of
primes.

The last Chapter 7 proves that the pcase-function is definable from the parallel and
function.

Related work

Recently, [Win93] gave two recursively typed $\lambda$-calculi with their denotational semantics,
by information systems, and proved the adequacy by the inclusive predicate (logical
relation) technique. The first calculus has an eager (call-by-value) operational
semantics. The second one has lazy (call-by-name) operational semantics like ours,
but a different notion of observation is chosen: For every type certain terms are singled
out as canonical forms. For product types these are the terms $(M,N)$, for sum types
inl$(M)$ and inr$(M)$, and for function types the terms $\lambda x.M$. The observation that is
made of terms is the convergence to a canonical form. The given denotational semantics
is adequate with respect to this notion of observation. This means that a term
converges to a canonical form iff its semantics is not bottom. Especially, the semantics
of every term $\lambda x.M$ is not bottom, whereas we have $\mathcal{S}[\![\lambda x.\Omega]\!]\varepsilon = \bot$.

Finally some remarks on coalesced sums and the observation of termination for all 
types. We did not include the coalesced sum in our type system, only separated sums. 
The coalesced sum of two domains is the disjoint union of the domains, with the two 
bottom elements identified. A coalesced sum would demand strict constructors inl:
$\tau \to \tau \oplus \varrho$ and inr: $\varrho \to \tau \oplus \varrho$. These constructors have to evaluate their arguments
to a non-bottom value before they can be used by a case-operation. (In contrast our
corresponding constructors 0 and 1 are non-strict; they can be used without evaluated
argument.) But the detection of non-bottom values is a complicated task for functional 
types, when we assume our denotational semantics of functions. On the other side I see 
no use for coalesced sums of functional types. Therefore I think that coalesced sums 
should be restricted to non-functional types, so that e.g. the recursive definition of 
the flat cpo of integers becomes possible. The check for non-bottomness of functional 
values, if it is desired, should be programmed using special functions incorporated in 
the language, e.g. Plotkin's "exists" operator. 

[Cos89] constructs evaluators for a recursively typed lambda calculus with coalesced
sums and strict, coalesced products of any type. The notion of observation for these
evaluators is the observation of termination for terms of all types. The relation of operational
and denotational semantics is given by the property of "complete adequacy":
The semantics of any term is non-bottom iff its evaluation terminates. This ensures
the detection of non-bottomness for coalesced sums. The work succeeds with a trick:
The semantic domains are lattices; top elements (that are not syntactically definable)
are added to the domains. Thus a term like Xx.ifx (\fxQ0) Q, whose normal semantics
is $\bot$, now becomes non-bottom. For the normal cpo semantics only a vague sketch of
an evaluator is given.

There has been later work proving adequacy for a lazy functional language with
recursive and polymorphic types, also using information systems [BC94].

2 Syntax and reduction

2.1 Types 

We adopt the syntax of the recursive type system of [CC90, CC91]. Especially, recursive
types are considered equivalent if they have the same unfoldings as regular trees. But
instead of type constants we have some more type constructors besides $\to$. The type
expressions are given by the following grammar, where $t$ stands for elements of a
denumerable set $V_T$ of type variables:

$\tau ::= t \mid \tau + \tau \mid \tau \times \tau \mid \tau \to \tau \mid \mu t.\tau \mid \mathrm{void}$

$T_\mu$ is the set of all type expressions. $T_\mu^c$ is the set of all closed type expressions, called
types.

We give the informal meaning of types in terms of domains:

$\sigma + \tau$ is the separated sum of $\sigma$ and $\tau$,

$\sigma \times \tau$ is the cartesian separated product of $\sigma$ and $\tau$,

$\sigma \to \tau$ is the space of continuous functions from $\sigma$ to $\tau$,

$\mu t.\tau$ is the fixed point of the mapping $t \mapsto \tau$, the solution of the recursive domain
equation $t = \tau$,

void is the canonical notation of the undefined type; it has the same meaning as $\mu t.t$.
In [CC90] it is called $\Omega$. The corresponding domain has just one element $\bot$.

We define the simple types by the grammar:

$\tau ::= \mathrm{void} \mid \tau + \tau \mid \tau \times \tau \mid \tau \to \tau$

$T$ is the set of all simple types. It is $T \subseteq T_\mu^c$.

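Definition 2.1 The void-prefix order $\preceq\ \subseteq T \times T_\mu^c$ is the least partial order satisfying:

1) $\mathrm{void} \preceq \tau$ for all $\tau \in T_\mu^c$,

2) $\sigma \preceq \sigma'$, $\tau \preceq \tau'$ $\Rightarrow$ $\sigma \mathbin{@} \tau \preceq \sigma' \mathbin{@} \tau'$

for $@ \in \{+, \times, \to\}$, $\sigma, \tau \in T$, and $\sigma', \tau' \in T_\mu^c$.

$\preceq$ is a partial order on $T$. For every $\sigma, \tau \in T$ with an upper bound there is a least
upper bound $\sigma \sqcup \tau \in T$. $T^\infty$ denotes the ideal completion of $T$, i.e. the set of ideals of
simple types, ordered by $\subseteq$. Here ideals are sets $I$ of simple types that are non-empty,
downward closed: $\tau \in I \wedge \sigma \preceq \tau \Rightarrow \sigma \in I$, and directed: for all $\sigma, \tau \in I$ there is $\varrho \in I$
with $\sigma \preceq \varrho$ and $\tau \preceq \varrho$. The elements of $T^\infty$ are called type trees and are also denoted
by $\sigma, \tau, \varrho$.

We define $\mathrm{void} \in T^\infty$ as $\mathrm{void} = \{\mathrm{void}\}$. For $@ = +, \times, \to$ and $\sigma, \tau \in T^\infty$ we define

$\sigma \mathbin{@} \tau = \{\mathrm{void}\} \cup \{\sigma' \mathbin{@} \tau' \mid \sigma' \in \sigma \wedge \tau' \in \tau\}$

Every type tree of $T^\infty$ has one of the forms void, $\sigma + \tau$, $\sigma \times \tau$, $\sigma \to \tau$ with unique
$\sigma, \tau \in T^\infty$.

Definition 2.2 The unfolding $\leadsto\ \subseteq T_\mu^c \times T_\mu^c$ is the least relation satisfying:

1) $\mu t.\tau \leadsto \tau[\mu t.\tau/t]$

The right term is the replacement of $\mu t.\tau$ for all free occurrences of $t$ in $\tau$; it is also
closed. Note that $\mu t.\tau$ does not contain free variables that could be bound after the
replacement.

2) $\tau \leadsto \tau' \Rightarrow (\tau \mathbin{@} \sigma) \leadsto (\tau' \mathbin{@} \sigma)$ and $(\sigma \mathbin{@} \tau) \leadsto (\sigma \mathbin{@} \tau')$ for $@ \in \{+, \times, \to\}$,

$\leadsto$ reduces only one outermost redex $\mu t.\tau$. The outermost redexes are disjoint,
therefore $\leadsto$ fulfills the diamond property: If $\tau \leadsto \sigma$ and $\tau \leadsto \varrho$, then there is $\psi$ with
$\sigma \leadsto \psi$ and $\varrho \leadsto \psi$.

$\leadsto^*$ is the reflexive, transitive closure of $\leadsto$. It is confluent: If $\tau \leadsto^* \sigma$ and $\tau \leadsto^* \varrho$,
then there is $\psi$ with $\sigma \leadsto^* \psi$ and $\varrho \leadsto^* \psi$.

If $\sigma \preceq \tau$ and $\tau \leadsto \tau'$, then also $\sigma \preceq \tau'$, for all $\sigma \in T$ and $\tau, \tau' \in T_\mu^c$.
For every $\tau \in T_\mu^c$ we define the unfolding

$\tau^* = \{\sigma \in T \mid \exists \tau' \in T_\mu^c.\ \tau \leadsto^* \tau' \text{ and } \sigma \preceq \tau'\}$

Proposition 2.3 $\tau^* \in T^\infty$.

Proof: We have to show that $\tau^*$ is an ideal. It is non-empty, $\mathrm{void} \in \tau^*$, and downward
closed. It is also directed: Let $\sigma, \varrho \in \tau^*$. Then there is $\tau'$ with $\tau \leadsto^* \tau'$, $\sigma \preceq \tau'$ and $\tau''$
with $\tau \leadsto^* \tau''$, $\varrho \preceq \tau''$. As $\leadsto$ is confluent, there is $\psi$ with $\tau' \leadsto^* \psi$ and $\tau'' \leadsto^* \psi$. It
follows $\sigma \preceq \psi$ and $\varrho \preceq \psi$, therefore $\sigma \sqcup \varrho \preceq \psi$ and $\sigma \sqcup \varrho \in \tau^*$. ■

Definition 2.4 We define an equivalence relation $\approx$ on types by: $\sigma \approx \tau$ iff $\sigma^* = \tau^*$.

$\approx$ is decidable [AC90].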

2.2 Terms 

For every type $\tau \in T_\mu^c$ there is a denumerable set $V^\tau$ of variables of type $\tau$. The sets
$V^\tau$ are mutually disjoint. Their members are denoted by $x^\tau, y^\tau, \ldots$ There is a set $C$ of
constants with types ctype $: C \to T_\mu^c$.

General untyped terms are built from variables and constants by application $MN$
and ($\lambda$-)abstraction $\lambda x.M$, without regarding the types. $\Lambda$ is the set of all untyped
terms.

We give rules for the formation of typed terms; $M : \sigma$ means: $M$ has type $\sigma$, $\sigma \in T_\mu^c$:

(const) $c : \mathrm{ctype}(c)$ for $c \in C$
(var) $x^\sigma : \sigma$
($\to$I) $M : \tau \Rightarrow \lambda x^\sigma.M : \sigma \to \tau$
($\to$E) $M : \sigma \to \tau,\ N : \sigma \Rightarrow MN : \tau$
($\approx$) $M : \sigma,\ \sigma \approx \tau \Rightarrow M : \tau$

Terms are considered equal modulo $\alpha$-conversion. We abbreviate $\lambda x.\lambda y.M$ as $\lambda xy.M$.
Often type superscripts of variables will be omitted. $\mathcal{T}$ is the set of all typed terms.
The type of a typed term is unique up to $\approx$, so the inference rules could be given for
type trees instead of types. $\mathcal{T}_\sigma$ is the set of all terms with type $\sigma \in T_\mu^c$ or with type
tree $\sigma \in T^\infty$. $\mathcal{T}_\sigma^c$ is the corresponding set of all closed terms. In the following chapters
terms will always be understood to be typed.

For every type $\sigma$ we can define a fixed point combinator:

$Y_\sigma = \lambda y^{\sigma\to\sigma}.(\lambda x^{\mu t.t\to\sigma}.y(xx))(\lambda x^{\mu t.t\to\sigma}.y(xx)) : (\sigma \to \sigma) \to \sigma$

Remark: We have given a type system with rule ($\approx$) instead of explicit conversion
operators between the types $\mu t.\sigma$ and $\sigma[\mu t.\sigma/t]$, called rep/abs, unfold/fold or
elim/intro in [Win93, Cos89, AC90, Gun92]. There are untyped terms that can be
typed in our system, but not in a system with explicit conversion, even with the introduction
of arbitrary rep/abs in the term. E.g. let $M = Y(\lambda fx.f)$ and $N = Y(\lambda fxy.f)$
in $(vM, vN)$. In this term, $M$ and $N$ must have the same type, which is impossible in
an abs/rep-system. In our system the types of $M : \mu t.\sigma \to t$ and $N : \mu t.\sigma \to \sigma \to t$
are equivalent. Moreover our type system with rule ($\approx$) has principal type schemes.
A system with the weaker congruence $\sim$, as the smallest congruence (w.r.t. type constructors)
such that $\mu t.\sigma \sim \sigma[\mu t.\sigma/t]$, lacks this property [CC90, CC91].

Our special set of constants consists of the following symbols for all types $\sigma, \tau, \varrho$:

$0_{\sigma,\tau} : \sigma \to (\sigma + \tau)$, also called "inleft" in the literature

$1_{\sigma,\tau} : \tau \to (\sigma + \tau)$, also called "inright"

$\mathrm{case}_{\sigma,\tau,\varrho} : (\sigma + \tau) \to (\sigma \to \varrho) \to (\tau \to \varrho) \to \varrho$, sequential conditional

$\mathrm{pcase}_{\sigma,\tau,\varrho} : (\sigma + \tau) \to \varrho \to \varrho \to \varrho$, parallel conditional. Note the type different from
case's type.

$\mathrm{pair}_{\sigma,\tau} : \sigma \to \tau \to (\sigma \times \tau)$, $\mathrm{pair}\,x\,y$ is also written $(x, y)$

$\mathrm{fst}_{\sigma,\tau} : (\sigma \times \tau) \to \sigma$

$\mathrm{snd}_{\sigma,\tau} : (\sigma \times \tau) \to \tau$

$\Omega_\sigma : \sigma$, the canonical undefined term of type $\sigma$. $\Omega_\sigma$ has the same denotational
semantics as $Y_\sigma(\lambda x^\sigma.x)$. There are no reduction rules for $\Omega$.

We will frequently omit the type subscripts of the constants. The term rewriting
system will treat them as single symbols. Notice that we do not introduce these
operators by special term formation rules for the types $\sigma + \tau$ and $\sigma \times \tau$, as it is often
done, but as constants of higher order types that can be applied by normal application.
0, 1, pair are the constructors for building up the canonical terms of type $\sigma + \tau$, $\sigma \times \tau$
respectively, case, pcase, fst, snd are the corresponding evaluators. We will usually
write 0 instead of $0\Omega$ and 1 instead of $1\Omega$.

We could also include in our calculus separated sum types with a different number
of components than two. A special case would be the type constructor lift with just one
type argument. It adds a new bottom element to the domain of the type. The constants
for this type constructor would be £$_\sigma : \sigma \to (\mathrm{lift}\,\sigma)$ and $\mathrm{lcase}_{\sigma,\tau} : (\mathrm{lift}\,\sigma) \to (\sigma \to \tau) \to \tau$,
corresponding to 0 and case. We omit this type constructor as it can be treated
analogously to $+$.

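Examples of common types and their canonical terms:

void $\approx \mu t.t$ has just one element, denoted by $\Omega_{\mathrm{void}}$.

bool $=_{\mathrm{def}}$ void + void
[Diagram of the domain: $0\Omega$, $1\Omega$, $\Omega$.]

bitstream $=_{\mathrm{def}} \mu t.t + t$
[Diagram of the domain; labelled elements include $0(0\Omega)$, $0(1\Omega)$, $1(0\Omega)$, $1(1\Omega)$ and $0\Omega$.]

nat $=_{\mathrm{def}} \mu t.\mathrm{void} + t$, the lazy natural numbers:
[Diagram of the domain; labelled elements: $0 = 0\Omega$; succ $0 = 1(0\Omega)$ and $1(1\Omega)$; succ(succ 0) $= 1(1(0\Omega))$ and $1(1(1\Omega))$.]

boollist $=_{\mathrm{def}} \mu t.\mathrm{void} + (\mathrm{bool} \times t)$

boollist is the type of lists of elements of bool,

e.g. $0_{\mathrm{void},\mathrm{bool}\times\mathrm{boollist}}\,\Omega_{\mathrm{void}}$ : boollist, simply written as 0 without type subscripts and
undefined term $\Omega$, the empty list,

e.g. $1_{\mathrm{void},\mathrm{bool}\times\mathrm{boollist}}(1_{\mathrm{void},\mathrm{void}}\,\Omega_{\mathrm{void}},\ 0_{\mathrm{void},\mathrm{bool}\times\mathrm{boollist}}\,\Omega_{\mathrm{void}})$ : boollist, simply written as $1(1,0)$,
the list of one element 1.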

Note that "infinitely branching" domains, like the flat domain of natural numbers 
of PCF, cannot be defined in our type system because the type constructor of coalesced 
sums is missing. 



2.3 Reduction 

We define a reduction relation $\to$ on terms. It performs a one-step reduction of a single
redex in any context. It is the least relation satisfying:

($\beta$) the $\beta$-reduction rule:

$(\lambda x.M)N \to M[x:=N]$ for any terms $M, N$ and variable $x$, where $M[x:=N]$
is the substitution of $N$ for the free occurrences of $x$ in $M$, with appropriate
renaming of bound variables of $M$,

three context rules:

(app) $M \to M' \Rightarrow MN \to M'N$,
      $N \to N' \Rightarrow MN \to MN'$,

($\lambda$) $M \to M' \Rightarrow \lambda x.M \to \lambda x.M'$,

and a set of applicative term rewriting rules for the constants, where the
variables $x, y, z, w$ denote arbitrary terms:

(case0) $\mathrm{case}\,(0x)\,y\,z \to y\,x$
(case1) $\mathrm{case}\,(1x)\,y\,z \to z\,x$
(pair1) $\mathrm{fst}\,(\mathrm{pair}\,x\,y) \to x$
(pair2) $\mathrm{snd}\,(\mathrm{pair}\,x\,y) \to y$
(pcase0) $\mathrm{pcase}\,(0x)\,y\,z \to y$
(pcase1) $\mathrm{pcase}\,(1x)\,y\,z \to z$
(pcase00) $\mathrm{pcase}_{\sigma,\tau,\varrho_0+\varrho_1}\,x\,(0y)\,(0z) \to 0\,(\mathrm{pcase}_{\sigma,\tau,\varrho_0}\,x\,y\,z)$
(pcase11) $\mathrm{pcase}_{\sigma,\tau,\varrho_0+\varrho_1}\,x\,(1y)\,(1z) \to 1\,(\mathrm{pcase}_{\sigma,\tau,\varrho_1}\,x\,y\,z)$
(pcase$\times\times$) $\mathrm{pcase}_{\sigma,\tau,\varrho_1\times\varrho_2}\,x\,(y_1,y_2)\,(z_1,z_2) \to (\mathrm{pcase}_{\sigma,\tau,\varrho_1}\,x\,y_1\,z_1,\ \mathrm{pcase}_{\sigma,\tau,\varrho_2}\,x\,y_2\,z_2)$
(pcase$\to$) $(\mathrm{pcase}\,x\,y\,z)\,w \to \mathrm{pcase}\,x\,(y\,w)\,(z\,w)$

$\to^*$ is the reflexive, transitive closure of $\to$.

Note the order of parameters of case: $y$ is the 0-part, $z$ is the 1-part. The functionality
of case permits the definition of the usual evaluators "outleft" and "outright", so
that we need not introduce them with reduction rules:

$\mathrm{out0}_{\sigma,\tau} : (\sigma + \tau) \to \sigma$
$\mathrm{out0} =_{\mathrm{def}} \lambda x.\,\mathrm{case}\,x\,(\lambda y.y)\,\Omega$
$\mathrm{out1}_{\sigma,\tau} : (\sigma + \tau) \to \tau$
$\mathrm{out1} =_{\mathrm{def}} \lambda x.\,\mathrm{case}\,x\,\Omega\,(\lambda y.y)$

pcase is not a sequential function, as it forces its three arguments to be reduced
in parallel. As soon as the "boolean value" of its first argument appears, a reduction
with rule (pcase0) or (pcase1) can be made. As soon as the second and the third
argument convey the same piece of information, namely a constructor 0, 1 or pair,
this piece of information can be drawn out of the pcase-expression according to rule
(pcase00), (pcase11) or (pcase$\times\times$). If the second and the third argument are of functional
type, then the argument $w$ of the pcase-expression can be drawn in according
to rule (pcase$\to$), so that $(y\,w)$ and $(z\,w)$ can deliver constructor information before
the evaluation of $x$ is finished. Note that pcase appears on the right sides of its rules
(pcase00)-(pcase$\to$). It performs a recursion on the type tree of its second and third
argument. We could think of a parallel conditional with the same type as case. But
for such a conditional it is more difficult to implement this recursion by rewrite rules;
in fact we would need conditioned rewrite rules with $\lambda$-abstractions and out0, out1 in
the right sides.

Proposition 2.5 Our reduction relation $\to$ fulfills the subject reduction property: If
$M : \sigma$ and $M \to^* N$, then also $N : \sigma$.



Proof: The property can be checked for each reduction rule. 



Theorem 2.6 (Confluence) $\to$ is confluent (Church-Rosser) on typed terms:

For any typed term $M \in \mathcal{T}$ with $N \leftarrow^* M \to^* P$ there is a term $Q$ with $N \to^* Q \leftarrow^* P$.

($N, P, Q$ are also typed with equivalent types due to the subject reduction property.)

Note that the restriction of $M$ to typed terms is essential, as can be seen with the
term $\mathrm{pcase}\,x\,(0y)\,(0z)\,w$. This term is not typable, as $(0y)$ is not of function type.
It reduces to $\mathrm{pcase}\,x\,(0y\,w)\,(0z\,w)$ by rule (pcase$\to$) and to $0(\mathrm{pcase}\,x\,y\,z)\,w$ by rule
(pcase00). This critical pair does not converge to a common reduct.

Proof: We will use the confluence theorem of [Mül92]: For every left-linear, not
variable-applying ATRS (applicative term rewriting system) with reduction relation
$\to$ and every $\to$-closed set $T$ of terms: If $\to$ is confluent on the applicative terms of $T$
then $\to$ is confluent on $T$. We explain the notions of this theorem in our context:

The applicative terms are the terms without any $\lambda$-abstraction, i.e. they are built
only from variables, constants and application. An ATRS is a set of pairs $(L \to R)$ of
applicative terms, where $L$ is no variable and all variables of $R$ appear in $L$, too. In
our case, the ATRS is the set of reduction rules (case0) ... (pcase$\to$). Together with
$\beta$-reduction and the context rules (app) and ($\lambda$) it determines the reduction relation
$\to$ on terms of $\Lambda$. It is left-linear, i.e. every variable has at most one occurrence in each
left side of the rules. It is not variable-applying, i.e. no left side of any rule contains a
subterm of the form $(xM)$, where $x$ is a variable. In our case, $T$ will be the set $\mathcal{T}$ of
typed terms. $\mathcal{T}$ is $\to$-closed, i.e. for every $M \in \mathcal{T}$ the following hold:

1) $M \to M' \Rightarrow M' \in \mathcal{T}$, the subject reduction property,

2) every subterm of $M$ is in $\mathcal{T}$,

3) for every occurrence $u$ of an abstraction in $M$, $M/u = \lambda\ldots$, there is a variable $x$
not occurring in $M$ with $M[u \leftarrow x] \in \mathcal{T}$.

We use the same notations for occurrences of subterms and replacement at an occurrence
as [Hue80, Mül92]. In condition 3 we chose a new variable of the appropriate
type.

Now it remains to prove the confluence of $\to$ on the set $\mathcal{A}$ of applicative terms
of $\mathcal{T}$, i.e. the confluence of the ATRS alone, without $\beta$-reduction. Our theorem, the
confluence of $\to$ on all terms of $\mathcal{T}$, follows by the cited theorem.

From now on, $\to$ is the reduction relation on applicative terms of $\Lambda$. We will first
prove that $\to$ is locally confluent on $\mathcal{A}$ via convergence of critical pairs, then prove
that $\to$ is noetherian (terminating, strongly normalizing) and conclude the confluence
of $\to$ on $\mathcal{A}$ by Newman's Lemma (Lemma 2.4 of [Hue80]). Local (or weak) confluence
of $\to$ on a set $T$ of terms means: For any $M \in T$ with $N \leftarrow M \to P$ there is a term
$Q$ with $N \to^* Q \leftarrow^* P$.

Notice that the sufficient conditions for confluence in [Hue80] that check only convergence
of critical pairs, without termination, are not applicable here: Huet's Lemma
3.3 is almost applicable (Corollary: Any left-linear parallel closed term rewriting system
is confluent), but it demands of the critical pair:

$y\,w \leftarrow (\mathrm{pcase}\,(0x)\,y\,z)\,w \to \mathrm{pcase}\,(0x)\,(y\,w)\,(z\,w)$

that there should be a parallel reduction step: $y\,w \to \mathrm{pcase}\,(0x)\,(y\,w)\,(z\,w)$.
Note that the right term of a critical pair
is defined by a reduction at the root. The lemma demands a parallel reduction step
from the left to the right term, not an arbitrary reduction. But in our example there
is only a reduction in the opposite direction. [Toy88, Corollary 3.2] gives a sufficient
condition more general than Huet's Lemma 3.3; it is also not applicable here by the
same reason.

For the proof of local confluence of $\to$ on $\mathcal{A}$ we will apply a generalized version
of Lemma 3.1 of [Hue80]: "For any term rewriting system $\mathcal{R}$: The relation $\to_{\mathcal{R}}$ is
locally confluent iff for every critical pair $(P, Q)$ of $\mathcal{R}$ we have $P \downarrow Q$, i.e. $P$ and $Q$
have a common reduct." This lemma cannot be applied directly, as the non-typable,
non-convergent critical pair given before this proof shows us. It should state local
confluence on certain subsets of terms which resemble sets of well-typed terms, similar
to the $\to$-closed sets of terms above. This leads us to:

Definition 2.7 A subset $T$ of terms is called $\to_{\mathcal{R}}$-complete for a term rewriting system $\mathcal{R}$
with reduction relation $\to_{\mathcal{R}}$ if for every $M \in T$ the following hold:

1) $M \to_{\mathcal{R}} M' \Rightarrow M' \in T$,

2) every subterm of $M$ is in $T$,

3) for every set of occurrences $u_1, \ldots, u_n$ of the same subterm $N$ in $M$, i.e. $M/u_i = N$
for all $i$, there is a variable $x$ not occurring in $M$ with $M[u_1 \leftarrow x] \ldots [u_n \leftarrow x] \in T$.

Let us recall the definition of critical pairs of a term rewriting system.

Definition 2.8 Let $(S \to T)$, $(L \to R)$ be two rules whose variables are renamed such
that $L$ and $S$ have disjoint variable sets. Let $u$ be an occurrence in $L$ such that $L/u$ is
no variable and $L/u$ and $S$ are unifiable with substitution $\mu$ as the most general unifier.
The superposition of $(S \to T)$ on $(L \to R)$ in $u$ determines the critical pair $(P, Q)$ defined
by $P = (\mu L)[u \leftarrow \mu T]$, $Q = \mu R$. It is $P \leftarrow \mu L \to Q$. We call $\mu L$ an overlap of the
critical pair $(P, Q)$.

Our generalization of Huet's Lemma 3.1 is now:

Lemma 2.9 For any term rewriting system $\mathcal{R}$ and $\to_{\mathcal{R}}$-complete subset $T$ of terms:
The reduction relation $\to_{\mathcal{R}}$ is locally confluent on $T$ iff for every critical pair $(P, Q)$ of
$\mathcal{R}$ with an overlap in $T$ we have $P \downarrow Q$.

Proof: (sketch) The proof is essentially the proof of Lemma 3.1 in [Hue80]. The "only
if" part is trivial again. For the "if" part we add the assumption $M \in T$. Case 1
(disjoint redexes) and Case 2a (prefix redexes that do not overlap) are the same as
in [Hue80]. Case 2b deals with overlapping redexes: An overlap of the critical pair
is obtained from the subterm $M/u_1$ by replacing some subterms by variables. It is
$M/u_1 \in T$ according to condition 2 of $\to_{\mathcal{R}}$-completeness. The replacement of subterms
by variables is possible according to condition 3 of $\to_{\mathcal{R}}$-completeness, so that the overlap
is in $T$. Thus $P \downarrow Q$ by hypothesis, and the proof proceeds as in [Hue80]. ■

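We use the lemma to show local confluence of $\to$ on $\mathcal{A}$. $\mathcal{A}$ is $\to$-complete. Eight
critical pairs with an overlap in $\mathcal{A}$ remain to be checked for convergence:

$0y \leftarrow \mathrm{pcase}\,(0x)\,(0y)\,(0z) \to 0(\mathrm{pcase}\,(0x)\,y\,z)$

$1y \leftarrow \mathrm{pcase}\,(0x)\,(1y)\,(1z) \to 1(\mathrm{pcase}\,(0x)\,y\,z)$

$0z \leftarrow \mathrm{pcase}\,(1x)\,(0y)\,(0z) \to 0(\mathrm{pcase}\,(1x)\,y\,z)$

$1z \leftarrow \mathrm{pcase}\,(1x)\,(1y)\,(1z) \to 1(\mathrm{pcase}\,(1x)\,y\,z)$

$(y_1, y_2) \leftarrow \mathrm{pcase}\,(0x)\,(y_1, y_2)\,(z_1, z_2) \to (\mathrm{pcase}\,(0x)\,y_1\,z_1,\ \mathrm{pcase}\,(0x)\,y_2\,z_2)$

$(z_1, z_2) \leftarrow \mathrm{pcase}\,(1x)\,(y_1, y_2)\,(z_1, z_2) \to (\mathrm{pcase}\,(1x)\,y_1\,z_1,\ \mathrm{pcase}\,(1x)\,y_2\,z_2)$

$y\,w \leftarrow \mathrm{pcase}\,(0x)\,y\,z\,w \to \mathrm{pcase}\,(0x)\,(y\,w)\,(z\,w)$

$z\,w \leftarrow \mathrm{pcase}\,(1x)\,y\,z\,w \to \mathrm{pcase}\,(1x)\,(y\,w)\,(z\,w)$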



We prove now that $\to$ is noetherian on applicative terms. (This will also be used in
the proof of Lemma 5.3.) We define a mapping $\varphi$ from applicative terms to $\{2, 3, \ldots\}$
inductively by the following equations:

$\varphi M = 2$, if $M$ is a variable or a constant
$\varphi(0M) = 2 \cdot \varphi M$
$\varphi(1M) = 2 \cdot \varphi M$
$\varphi(\mathrm{pcase}\,M) = 2 \cdot \varphi M$
$\varphi(\mathrm{pcase}\,M\,N) = 2 \cdot \varphi M \cdot \varphi N$
$\varphi(\mathrm{pcase}\,M\,N\,P) = 2 \cdot \varphi M \cdot \varphi N \cdot \varphi P$
$\varphi(\mathrm{pair}\,M) = 2 + \varphi M$
$\varphi(\mathrm{pair}\,M\,N) = 2 + \varphi M + \varphi N$
$\varphi(MN) = (\varphi M)^{\varphi N}$, for all other applications $MN$

By simple computations we show for every reduction rule $(L \to R)$ that $\varphi L > \varphi R$,
where variables of the rule stand for arbitrary terms. The two interesting rules are:

(pcase$\times\times$) $\mathrm{pcase}\,x\,(\mathrm{pair}\,y_1\,y_2)\,(\mathrm{pair}\,z_1\,z_2) \to \mathrm{pair}\,(\mathrm{pcase}\,x\,y_1\,z_1)\,(\mathrm{pcase}\,x\,y_2\,z_2)$

$\varphi L = 2 \cdot \varphi x \cdot (2 + \varphi y_1 + \varphi y_2) \cdot (2 + \varphi z_1 + \varphi z_2)$
$\varphi R = 2 + 2 \cdot \varphi x \cdot \varphi y_1 \cdot \varphi z_1 + 2 \cdot \varphi x \cdot \varphi y_2 \cdot \varphi z_2$

(pcase$\to$) $(\mathrm{pcase}\,x\,y\,z)\,w \to \mathrm{pcase}\,x\,(y\,w)\,(z\,w)$

$\varphi L = 2^{\varphi w} \cdot (\varphi x)^{\varphi w} \cdot (\varphi y)^{\varphi w} \cdot (\varphi z)^{\varphi w}$
$\varphi R = 2 \cdot \varphi x \cdot \varphi(y\,w) \cdot \varphi(z\,w)$

For the last rule (and some other) we need the fact that $(\varphi M)^{\varphi N} \geq \varphi(MN)$ for all
terms $M, N$, which we prove by analysis over the term $M$.

It remains to show that a reduction at any position decreases the $\varphi$-value of a term.
We prove that

$\varphi N > \varphi N' \Rightarrow \varphi(MN) > \varphi(MN')$

and that

$\varphi M > \varphi M'$ and $M \to M' \Rightarrow \varphi(MN) > \varphi(M'N)$

for all terms $M, N, M', N'$ by analysis over $M$.

We have now proved that $M \to N \Rightarrow \varphi M > \varphi N$. Thus there are no infinite
reduction chains. From this and the local confluence of $\to$ on $\mathcal{A}$ follows by Newman's
Lemma the confluence of $\to$ on $\mathcal{A}$. As explained above, the confluence of $\to$ on all
typed terms follows from the theorem of [Mül92]. ■

3 Prime systems 

We introduce prime systems as concrete representations of domains, together with
operations on them corresponding to the type constructors $+$, $\times$, $\to$. The results of
this chapter are taken from [LW91], where they were given for the more general
information systems.

Definition 3.1 A prime system $\mathcal{A} = (A, \uparrow, \leq)$ consists of

a set $A$ (the primes, denoted by $a, b, c$),

a reflexive and symmetric binary relation $\uparrow$ on $A$ (the consistency),

and a partial order $\leq$ on $A$ (the entailment),

such that for all $a, b, c \in A$: If $a \uparrow b$ and $c \leq b$, then $a \uparrow c$.

PSys is the class of all prime systems.

Prime systems were first introduced in [NPW81] under the name "event structures",
where the elements of $A$ were interpreted as events of a computation process. (Instead
of consistency there was the dual conflict relation.) Here we chose a different name
because we do not interpret the elements of $A$ as events, but as pieces of information,
as in information systems. A prime is an elementary, indivisible piece of information
about data elements. The relation $a \leq b$ means that whenever $b$ is valid of an element,
then so is $a$. $a \uparrow b$ means that both primes $a$ and $b$ may be valid of an element.

Every prime system determines an information system in the sense of [LW91]: The
set of tokens is $A$. A finite subset $X$ of $A$ is consistent ($X \in \mathrm{Con}$) iff for all $a, b \in X$,
$a \uparrow b$. For $X \in \mathrm{Con}$ and $a \in A$ we define $X \vdash a$ iff $\exists b \in X.\ a \leq b$. We use the simpler
prime systems instead of information systems as they are just suited for our data types.

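Definition 3.2 The elements of a prime system $\mathcal{A} = (A, \uparrow, \leq)$ are the subsets $d \subseteq A$
that are downward closed: $a \leq b \wedge b \in d \Rightarrow a \in d$, and consistent: $a \uparrow b$ for all
$a, b \in d$.

$|\mathcal{A}|$ is the set of elements of $\mathcal{A}$. We call $|\mathcal{A}|$, ordered by $\subseteq$, the domain of $\mathcal{A}$. The
least element is also denoted by $\bot$.

For $X \subseteq A$ we write $X{\downarrow} = \{a \in A \mid \exists b \in X.\ a \leq b\}$, also $a{\downarrow}$ for $\{a\}{\downarrow}$. The finite
elements of $\mathcal{A}$ are defined as the elements of the form $X{\downarrow}$ for finite $X \subseteq A$.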

We will give the characterization of the domains of prime systems from [NPW81] . 
First some domain theoretic definitions. 

Definition 3.3 Let $(D, \sqsubseteq)$ be a partial order. A subset of $D$ is pairwise consistent iff
any two of its elements have an upper bound in $D$. $(D, \sqsubseteq)$ is coherent iff every pairwise
consistent subset of $D$ has a lub.

$p \in D$ is a complete prime iff for every $S \subseteq D$, if the lub $\bigsqcup S$ exists and $p \sqsubseteq \bigsqcup S$,
then there is $d \in S$ with $p \sqsubseteq d$.

$(D, \sqsubseteq)$ is prime algebraic iff for every $d \in D$ the set $\{p \sqsubseteq d \mid p \text{ is a complete prime}\}$ has
$d$ as its lub.

Theorem 3.4 [NPW81] Let $\mathcal{A} = (A, \uparrow, \leq)$ be a prime system. Then $(|\mathcal{A}|, \subseteq)$ is a
prime algebraic coherent partial order. Its complete primes are the elements $a{\downarrow}$ for
$a \in A$.

It follows that $(|\mathcal{A}|, \subseteq)$ is also an algebraic cpo. Its isolated (or finite, compact) elements
are the finite elements defined above.

Conversely, let $(D, \sqsubseteq)$ be a prime algebraic coherent partial order. Let $P$ be the
set of complete primes of $D$, and $a \uparrow b$ iff $a, b \in P$ have an upper bound. Then
$\mathcal{P} = (P, \uparrow, \sqsubseteq)$ is a prime system with $(|\mathcal{P}|, \subseteq)$ isomorphic to $(D, \sqsubseteq)$.

This theorem explains our name for "primes" . From this characterization we only 
need the fact that the domain of a prime system is a cpo, i.e. has lubs of directed 
subsets. These lubs are the set unions of the elements. 

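As in [LW91] we define a complete partial order on the class of prime systems and
continuous operations on prime systems.

Definition 3.5 Let $\mathcal{A} = (A, \uparrow_A, \leq_A)$ and $\mathcal{B} = (B, \uparrow_B, \leq_B)$ be prime systems. We
define $\mathcal{A} \trianglelefteq \mathcal{B}$ iff $A \subseteq B$ and for all $a, b \in A$: $a \uparrow_A b \Leftrightarrow a \uparrow_B b$ and $a \leq_A b \Leftrightarrow a \leq_B b$.

$\mathcal{A} \trianglelefteq \mathcal{B}$ means that $\mathcal{A}$ is a subsystem of $\mathcal{B}$: $A \subseteq B$ and $\uparrow_A$, $\leq_A$ are the restrictions of
$\uparrow_B$, $\leq_B$ on $A$. If $\mathcal{A} \trianglelefteq \mathcal{B}$ and $A = B$, then $\mathcal{A} = \mathcal{B}$.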

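Theorem 3.6 $\trianglelefteq$ is a partial order with $\bot = (\emptyset, \emptyset, \emptyset)$ as least element. If $\mathcal{A}_0 \trianglelefteq \mathcal{A}_1 \trianglelefteq \ldots$
is an $\omega$-chain of prime systems $\mathcal{A}_i = (A_i, \uparrow_i, \leq_i)$, then

$$\bigcup_i \mathcal{A}_i = \Bigl(\bigcup_i A_i,\ \bigcup_i \uparrow_i,\ \bigcup_i \leq_i\Bigr)$$

is the lub of the chain.

Proof: Clearly $\trianglelefteq$ is a partial order, $\bot$ is the least element.
Now for the chain $\mathcal{A}_i$ let $\mathcal{A} = (A, \uparrow, \leq) = (\bigcup_i A_i, \bigcup_i \uparrow_i, \bigcup_i \leq_i)$.

$\mathcal{A}$ is an upper bound of the chain: $A_i \subseteq A$ for all $i$. Let $a, b \in A_i$. If $a \uparrow_i b$, then
$a \uparrow b$. Conversely, if $a \uparrow b$, then $a, b \in A_j$ and $a \uparrow_j b$ for some $j$. If $j \leq i$, then
$\mathcal{A}_j \trianglelefteq \mathcal{A}_i$; if $i \leq j$, then $\mathcal{A}_i \trianglelefteq \mathcal{A}_j$. In either case follows $a \uparrow_i b$. Analogously we show
$a \leq_i b \Leftrightarrow a \leq b$.

$\mathcal{A}$ is the least upper bound of the chain: Let $\mathcal{B} = (B, \uparrow_B, \leq_B)$ be an upper bound
of the chain. Then $A = \bigcup_i A_i \subseteq B$. Let $a, b \in A$. Then $a, b \in A_i$ for some $i$. We have
$a \uparrow b \Leftrightarrow a \uparrow_i b \Leftrightarrow a \uparrow_B b$ and $a \leq b \Leftrightarrow a \leq_i b \Leftrightarrow a \leq_B b$. ■

We extend $\trianglelefteq$ to n-tuples of prime systems.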

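Definition 3.7 For $n > 1$, $\mathrm{PSys}^n$ are all n-tuples $(\mathcal{A}_1, \ldots, \mathcal{A}_n)$ of prime systems. We
define

$$(\mathcal{A}_1, \ldots, \mathcal{A}_n) \trianglelefteq (\mathcal{B}_1, \ldots, \mathcal{B}_n) \Leftrightarrow \mathcal{A}_1 \trianglelefteq \mathcal{B}_1 \wedge \ldots \wedge \mathcal{A}_n \trianglelefteq \mathcal{B}_n.$$

Proposition 3.8 $\trianglelefteq$ is a partial order on $\mathrm{PSys}^n$ with $(\bot, \ldots, \bot)$ as least element. All
increasing $\omega$-chains in $(\mathrm{PSys}^n, \trianglelefteq)$ have a least upper bound taken coordinate-wise.

Definition 3.9 Let $F : \mathrm{PSys}^n \to \mathrm{PSys}$ be an operation on prime systems.

$F$ is called monotonic iff $\mathcal{A} \trianglelefteq \mathcal{B} \Rightarrow F(\mathcal{A}) \trianglelefteq F(\mathcal{B})$ for all $\mathcal{A}, \mathcal{B} \in \mathrm{PSys}^n$.

$F$ is called continuous iff it is monotonic and for any $\omega$-chain of prime systems $\mathcal{A}_0 \trianglelefteq \mathcal{A}_1 \trianglelefteq \ldots$
in $\mathrm{PSys}^n$, $F(\bigcup_i \mathcal{A}_i) = \bigcup_i F(\mathcal{A}_i)$. (Since $F$ is monotonic, $F(\mathcal{A}_i)$, $i \geq 0$, is an
ascending chain and $\bigcup_i F(\mathcal{A}_i)$ exists.)

Proposition 3.10 $F : \mathrm{PSys}^n \to \mathrm{PSys}$ is monotonic (continuous) iff it is monotonic
(continuous) in each argument separately (i.e. considered as a function in any of its
arguments, holding the others fixed).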

Thus to show that an operation is monotonic or continuous we have to show that
some unary operations are monotonic or continuous. The following lemma will help in
these proofs.

Definition 3.11 $F : \mathrm{PSys} \to \mathrm{PSys}$ is continuous on prime sets iff for any $\omega$-chain of
prime systems $\mathcal{A}_0 \trianglelefteq \mathcal{A}_1 \trianglelefteq \ldots$ each prime of $F(\bigcup_i \mathcal{A}_i)$ is a prime of $\bigcup_i F(\mathcal{A}_i)$.

Lemma 3.12 $F : \mathrm{PSys} \to \mathrm{PSys}$ is continuous iff $F$ is monotonic and continuous on
prime sets.

Proof: The "only if" part is obvious.

"if": Let $\mathcal{A}_0 \trianglelefteq \mathcal{A}_1 \trianglelefteq \ldots$ be an $\omega$-chain of prime systems. From $\mathcal{A}_i \trianglelefteq \bigcup_j \mathcal{A}_j$ and
monotonicity follows $F(\mathcal{A}_i) \trianglelefteq F(\bigcup_j \mathcal{A}_j)$. Then $\bigcup_i F(\mathcal{A}_i) \trianglelefteq F(\bigcup_i \mathcal{A}_i)$. As $F$ is continuous on
prime sets, the primes of $\bigcup_i F(\mathcal{A}_i)$ are the same as those of $F(\bigcup_i \mathcal{A}_i)$. Therefore they
are the same prime systems. ■

Operations on prime systems 

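We give continuous operations on prime systems corresponding to our syntactic type
constructors void, $+$, $\times$, $\to$.

Corresponding to void is the prime system $\bot = (\emptyset, \emptyset, \emptyset)$. It has the only element $\emptyset = \bot$.

Separated sum +

Definition 3.13 Let $\mathcal{A}_0 = (A_0, \uparrow_0, \leq_0)$ and $\mathcal{A}_1 = (A_1, \uparrow_1, \leq_1)$ be prime systems.
Define $\mathcal{A}_0 + \mathcal{A}_1 = (B, \uparrow, \leq)$ by

$B = B_0 \cup B_1$, where $B_0 = \{0\} \cup (\{0\} \times A_0)$ and $B_1 = \{1\} \cup (\{1\} \times A_1)$,

$a \uparrow b \Leftrightarrow$ ($a, b \in B_0$ and if $a = (0, a_0)$, $b = (0, b_0)$, then $a_0 \uparrow_0 b_0$)
    or ($a, b \in B_1$ and if $a = (1, a_1)$, $b = (1, b_1)$, then $a_1 \uparrow_1 b_1$),

$a \leq b \Leftrightarrow$ $a = 0$, $b \in B_0$
    or $a = 1$, $b \in B_1$
    or $a = (0, a_0)$, $b = (0, b_0)$, $a_0 \leq_0 b_0$
    or $a = (1, a_1)$, $b = (1, b_1)$, $a_1 \leq_1 b_1$.

Proposition 3.14 $\mathcal{A}_0 + \mathcal{A}_1$ is a prime system. Its domain is

$|\mathcal{A}_0 + \mathcal{A}_1| = \{\emptyset\} \cup \{\{0\} \cup (\{0\} \times d) \mid d \in |\mathcal{A}_0|\} \cup \{\{1\} \cup (\{1\} \times d) \mid d \in |\mathcal{A}_1|\}$.

We abbreviate the element $\{0\}$ as 0 and $\{1\}$ as 1.

Theorem 3.15 $+$ is continuous on $(\mathrm{PSys}, \trianglelefteq)$.

Proof: It is easy to show that $+$ is continuous in its first and second argument, using
Lemma 3.12. ■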
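
Product ×

Definition 3.16 Let $\mathcal{A}_0 = (A_0, \uparrow_0, \leq_0)$ and $\mathcal{A}_1 = (A_1, \uparrow_1, \leq_1)$ be prime systems.
Define $\mathcal{A}_0 \times \mathcal{A}_1 = (B, \uparrow, \leq)$ by

$B = (\{0\} \times A_0) \cup (\{1\} \times A_1)$,

$a \uparrow b \Leftrightarrow$ $a = (0, a_0)$, $b = (0, b_0)$, $a_0 \uparrow_0 b_0$
    or $a = (1, a_1)$, $b = (1, b_1)$, $a_1 \uparrow_1 b_1$
    or $a = (0, a_0)$, $b = (1, b_1)$
    or $a = (1, a_1)$, $b = (0, b_0)$,

$a \leq b \Leftrightarrow$ $a = (0, a_0)$, $b = (0, b_0)$, $a_0 \leq_0 b_0$
    or $a = (1, a_1)$, $b = (1, b_1)$, $a_1 \leq_1 b_1$.

Proposition 3.17 $\mathcal{A}_0 \times \mathcal{A}_1$ is a prime system. Its domain is

$|\mathcal{A}_0 \times \mathcal{A}_1| = \{(\{0\} \times d) \cup (\{1\} \times e) \mid d \in |\mathcal{A}_0| \wedge e \in |\mathcal{A}_1|\}$.

Theorem 3.18 $\times$ is continuous on $(\mathrm{PSys}, \trianglelefteq)$.

Proof: It is easy to show that $\times$ is continuous in its first and second argument, using
Lemma 3.12. ■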



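Function space →

Definition 3.19 Let $\mathcal{A} = (A, \uparrow_A, \leq_A)$ and $\mathcal{B} = (B, \uparrow_B, \leq_B)$ be prime systems. (We
leave out the indexes in the following.)
We define $\mathcal{A} \to \mathcal{B} = (C, \uparrow, \leq)$:

$C = \overline{A} \times B$, where $\overline{A}$ is the set of all finite subsets of $A$ that are pairwise consistent
and incomparable, $\overline{A} = \{X \subseteq A \mid X \text{ finite and } \forall a, b \in X.\ a \uparrow b \wedge (a \leq b \Rightarrow a = b)\}$.
Let $(X, a), (Y, b) \in C$.

$(X, a) \uparrow (Y, b) \Leftrightarrow (X \uparrow Y \Rightarrow a \uparrow b)$,
where $X \uparrow Y \Leftrightarrow \forall a \in X, b \in Y.\ a \uparrow b$.

$(X, a) \leq (Y, b) \Leftrightarrow Y \leq X$ and $a \leq b$,
where $Y \leq X \Leftrightarrow Y \subseteq X{\downarrow}$, i.e. $\forall a \in Y.\ \exists b \in X.\ a \leq b$.

Proposition 3.20 $\mathcal{A} \to \mathcal{B}$ is a prime system.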

Proof:

$\uparrow$ is reflexive and symmetric. $\leq$ is reflexive.

$\leq$ is antisymmetric:

Let $(X, a) \leq (Y, b)$ and $(Y, b) \leq (X, a)$. We show $(X, a) = (Y, b)$.

We have $a \leq b$ and $b \leq a$, so $a = b$.

From $X \leq Y$ and $Y \leq X$ we conclude $X \subseteq Y$:

Let $x \in X$. There is $y \in Y$ with $x \leq y$, and $x' \in X$ with $y \leq x'$. So $x \leq x'$, and $x = x'$
by the condition on $X$. Hence $x = y \in Y$.
Similarly we conclude $Y \subseteq X$.

$\leq$ is transitive:

Let $(X, a) \leq (Y, b) \leq (Z, c)$. We show $(X, a) \leq (Z, c)$.

We have $a \leq b \leq c$, so $a \leq c$. From $Z \leq Y \leq X$ we conclude $Z \leq X$:

Let $z \in Z$. There is $y \in Y$ with $z \leq y$, and $x \in X$ with $y \leq x$.

It remains to show: If $(X, a) \uparrow (Y, b)$ and $(Z, c) \leq (Y, b)$, then $(X, a) \uparrow (Z, c)$.
Suppose $X \uparrow Z$. Then $X \uparrow Y$: Let $x \in X$, $y \in Y$. $Y \leq Z$, therefore $\exists z \in Z.\ y \leq z$. It
is $x \uparrow z$, hence $x \uparrow y$.

We get $a \uparrow b$ and $c \leq b$, therefore $a \uparrow c$. ■

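The elements of $\mathcal{A} \to \mathcal{B}$ correspond to the continuous functions from domain $|\mathcal{A}|$
to $|\mathcal{B}|$.

Proposition 3.21 Let $r \in |\mathcal{A} \to \mathcal{B}|$. Then $|r| : |\mathcal{A}| \to |\mathcal{B}|$, given by
$|r|(d) = \{a \mid \exists X \subseteq d.\ (X, a) \in r\}$ for $d \in |\mathcal{A}|$,
is a continuous function from the domain $|\mathcal{A}|$ to $|\mathcal{B}|$.

Proof: We show $|r|(d) \in |\mathcal{B}|$.

$|r|(d)$ is consistent: Let $a, b \in |r|(d)$. There is $X \subseteq d$ with $(X, a) \in r$ and $Y \subseteq d$ with
$(Y, b) \in r$. As $(X, a) \uparrow (Y, b)$ and $X \uparrow Y$, we conclude $a \uparrow b$.

$|r|(d)$ is downward closed: Let $b \in |r|(d)$ and $a \leq b$. There is $Y \subseteq d$ with $(Y, b) \in r$. It
is $(Y, a) \leq (Y, b)$, so $(Y, a) \in r$ and $a \in |r|(d)$.

$|r|$ is monotonic, obviously.

$|r|$ is continuous: Let $D$ be a directed subset of $|\mathcal{A}|$.

$$\begin{aligned}
\bigcup_{d \in D} |r|(d) &= \{a \mid \exists d \in D.\ \exists X \subseteq d.\ (X, a) \in r\} \\
&= \{a \mid \exists X \subseteq \textstyle\bigcup D.\ (X, a) \in r\}, \text{ because the } X \text{ are finite} \\
&= |r|(\textstyle\bigcup D)
\end{aligned}$$

■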

For cpos $(D, \sqsubseteq)$ and $(E, \sqsubseteq)$, let $([D \to E], \sqsubseteq)$ be the cpo of continuous functions
from $D$ to $E$, ordered pointwise by $\sqsubseteq$. We will also write $f : D \to E$ for $f \in [D \to E]$,
and $f : D \to E \to F$ for $f \in [D \to [E \to F]]$. For $f : D \to E$ and $d \in D$ we will
usually write $f\,d$ instead of $f(d)$, as in the syntax of the lambda calculus. Here also
application is associated to the left, i.e. $f\,d\,e = (f\,d)\,e$. We will frequently write $r\,d$
instead of $|r|(d)$. It is clear from the context that the function between domains is
meant.

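Proposition 3.22 Let $f : |\mathcal{A}| \to |\mathcal{B}|$ be monotonic and $A$ be the set of primes of $\mathcal{A}$.
Then the prime set of $f$,

$\mathit{Pr}(f) = \{(X, a) \mid X \in \overline{A} \wedge a \in f(X{\downarrow})\}$,

is an element of $|\mathcal{A} \to \mathcal{B}|$.

Proof:

$\mathit{Pr}(f)$ is consistent: Let $(X, a), (Y, b) \in \mathit{Pr}(f)$ and assume $X \uparrow Y$. Then $(X \cup Y){\downarrow} \in |\mathcal{A}|$.
As $a \in f(X{\downarrow})$ and $b \in f(Y{\downarrow})$, we have $a, b \in f((X \cup Y){\downarrow})$ by monotonicity of $f$.

Therefore $a \uparrow b$.

$\mathit{Pr}(f)$ is downward closed: Let $(X, a)$ and $(Y, b)$ be primes of $\mathcal{A} \to \mathcal{B}$, $(Y, b) \in \mathit{Pr}(f)$
and $(X, a) \leq (Y, b)$. From $Y \leq X$ follows $Y{\downarrow} \subseteq X{\downarrow}$. Then $b \in f(X{\downarrow})$, as $b \in f(Y{\downarrow})$ and
$f$ is monotonic. As $a \leq b$, also $a \in f(X{\downarrow})$ and $(X, a) \in \mathit{Pr}(f)$. ■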

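Theorem 3.23 For all prime systems $\mathcal{A}, \mathcal{B}$ the map

$|.| : (|\mathcal{A} \to \mathcal{B}|, \subseteq) \to ([|\mathcal{A}| \to |\mathcal{B}|], \sqsubseteq)$

is an isomorphism of cpos. The map $\mathit{Pr}$ is its inverse.

Therefore the complete primes and isolated elements of $[|\mathcal{A}| \to |\mathcal{B}|]$ are the images
under $|.|$ of the corresponding elements of $|\mathcal{A} \to \mathcal{B}|$.

Proof: We show that for all $r \in |\mathcal{A} \to \mathcal{B}|$, $\mathit{Pr}(|r|) = r$:

$$\begin{aligned}
(X, a) \in \mathit{Pr}(|r|) &\Leftrightarrow a \in |r|(X{\downarrow}) \\
&\Leftrightarrow \exists Y \subseteq X{\downarrow}.\ (Y, a) \in r \\
&\Leftrightarrow (X, a) \in r, \text{ because } (X, a) \leq (Y, a) \text{ and } r \text{ is downward closed}
\end{aligned}$$

We show that for all $f \in [|\mathcal{A}| \to |\mathcal{B}|]$, $|\mathit{Pr}(f)| = f$:

Let $A, B$ be the set of primes of $\mathcal{A}$ and $\mathcal{B}$, resp. Let $d \in |\mathcal{A}|$ and $a \in B$.

$$\begin{aligned}
a \in |\mathit{Pr}(f)|(d) &\Leftrightarrow \exists X \subseteq d.\ X \in \overline{A} \wedge (X, a) \in \mathit{Pr}(f) \\
&\Leftrightarrow \exists X \subseteq d.\ X \in \overline{A} \wedge a \in f(X{\downarrow}) \\
&\Leftrightarrow a \in f(d)
\end{aligned}$$

We prove the last equivalence:
$\Rightarrow$: $X{\downarrow} \subseteq d$ and $f$ is monotonic.
$\Leftarrow$: Let $D = \{Y{\downarrow} \mid Y \text{ finite and } Y \subseteq d\}$. $D$ is a directed set in $|\mathcal{A}|$. $\bigcup D = d$. Since $f$
is continuous, there is some finite $Y$ with $Y \subseteq d$ and $a \in f(Y{\downarrow})$. Let $X$ be the set of
maximal primes of $Y$. We get $X \subseteq d$, $X \in \overline{A}$, $Y{\downarrow} = X{\downarrow}$ and $a \in f(X{\downarrow})$.

So the map $|.|$ is one-to-one, $\mathit{Pr}$ is its inverse. It remains to show that $|.|$ and $\mathit{Pr}$
respect the partial order $\sqsubseteq$:

For all $r, s \in |\mathcal{A} \to \mathcal{B}|$: $r \subseteq s \Leftrightarrow \forall d \in |\mathcal{A}|.\ |r|(d) \subseteq |s|(d)$

$\Rightarrow$ is obvious.

$\Leftarrow$: Let $(X, a) \in r$. Then $a \in |r|(X{\downarrow})$. As $a \in |s|(X{\downarrow})$, there is $Y \subseteq X{\downarrow}$ with
$(Y, a) \in s$. As $Y \leq X$, also $(X, a) \in s$. ■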
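
The constructions of Definitions 3.1, 3.13 and 3.19 and the maps $|.|$ and $\mathit{Pr}$ of Propositions 3.21 and 3.22 can be checked by brute force on small finite prime systems. The following is an added example, not code from the paper; the names `PrimeSystem`, `plus`, `arrow`, `apply`, `prime_set` and `check_isomorphism` are choices of this example, and primes are represented as Python ints, tuples and frozensets.

```python
from itertools import combinations

class PrimeSystem:
    """Finite prime system (A, cons, leq) as in Definition 3.1 (names are this example's)."""
    def __init__(self, primes, cons, leq):
        self.primes, self.cons, self.leq = frozenset(primes), cons, leq

    def is_valid(self):
        P, up, le = self.primes, self.cons, self.leq
        return (all(up(a, a) and le(a, a) for a in P)                      # reflexivity
                and all(up(a, b) == up(b, a) for a in P for b in P)        # symmetry
                and all(a == b or not (le(a, b) and le(b, a)) for a in P for b in P)
                and all(le(a, c) or not (le(a, b) and le(b, c))
                        for a in P for b in P for c in P)                  # transitivity
                and all(up(a, c) or not (up(a, b) and le(c, b))            # a^b, c<=b => a^c
                        for a in P for b in P for c in P))

    def down(self, X):
        """Downward closure of X: every prime entailed by some member of X."""
        return frozenset(a for a in self.primes if any(self.leq(a, b) for b in X))

    def is_element(self, d):
        return self.down(d) == d and all(self.cons(a, b) for a in d for b in d)

    def elements(self):
        """The domain |A|: all downward closed, consistent subsets (brute force)."""
        P = list(self.primes)
        subsets = (frozenset(S) for n in range(len(P) + 1) for S in combinations(P, n))
        return {d for d in subsets if self.is_element(d)}

VOID = PrimeSystem([], lambda a, b: True, lambda a, b: True)   # the system with no primes

def side(p):
    """Summand (0 or 1) that a prime of A0 + A1 belongs to."""
    return p if isinstance(p, int) else p[0]

def plus(A0, A1):
    """Separated sum (Definition 3.13): tags 0, 1 plus tagged copies of both prime sets."""
    parts = (A0, A1)
    primes = [0, 1] + [(i, a) for i in (0, 1) for a in parts[i].primes]
    def cons(p, q):
        if side(p) != side(q):
            return False
        both_tagged = isinstance(p, tuple) and isinstance(q, tuple)
        return parts[p[0]].cons(p[1], q[1]) if both_tagged else True
    def leq(p, q):
        if side(p) != side(q):
            return False
        if isinstance(p, int):            # the tag i lies below every prime of B_i
            return True
        return isinstance(q, tuple) and parts[p[0]].leq(p[1], q[1])
    return PrimeSystem(primes, cons, leq)

def antichains(A):
    """Finite subsets that are pairwise consistent and incomparable."""
    P = list(A.primes)
    return [frozenset(S) for n in range(len(P) + 1) for S in combinations(P, n)
            if all(A.cons(a, b) and not A.leq(a, b) and not A.leq(b, a)
                   for a, b in combinations(S, 2))]

def arrow(A, B):
    """Function space (Definition 3.19) with primes (X, b), X an antichain of A."""
    primes = [(X, b) for X in antichains(A) for b in B.primes]
    def sets_cons(X, Y):
        return all(A.cons(a, b) for a in X for b in Y)
    def cons(p, q):                       # (X,a) ^ (Y,b) iff (X ^ Y implies a ^ b)
        return (not sets_cons(p[0], q[0])) or B.cons(p[1], q[1])
    def leq(p, q):                        # (X,a) <= (Y,b) iff Y within down(X) and a <= b
        return q[0] <= A.down(p[0]) and B.leq(p[1], q[1])
    return PrimeSystem(primes, cons, leq)

def apply(r, d):
    """|r|(d) = {a | some X within d has (X, a) in r} (Proposition 3.21)."""
    return frozenset(a for (X, a) in r if X <= d)

def prime_set(f, A):
    """Pr(f) = {(X, a) | X antichain of A, a in f(down(X))} (Proposition 3.22)."""
    return frozenset((X, a) for X in antichains(A) for a in f(A.down(X)))

def check_isomorphism(A, B):
    """Return (number of elements of A -> B, whether every r satisfies Theorem 3.23)."""
    F, dom, cod = arrow(A, B), A.elements(), B.elements()
    ok = F.is_valid()
    rs = F.elements()
    for r in rs:
        f = lambda d, r=r: apply(r, d)
        monotone = all(f(d) <= f(e) for d in dom for e in dom if d <= e)
        ok = ok and monotone and all(f(d) in cod for d in dom) and prime_set(f, A) == r
    return len(rs), ok

BOOL = plus(VOID, VOID)                   # void + void: primes 0 and 1, inconsistent

if __name__ == "__main__":
    print(sorted(map(sorted, BOOL.elements())))        # bottom, {0}, {1}
    print(check_isomorphism(BOOL, BOOL))               # (11, True)
    print(check_isomorphism(plus(BOOL, VOID), BOOL))   # (35, True)
```

The counts 11 and 35 are the numbers of monotonic functions between the corresponding finite domains, which is what the isomorphism of Theorem 3.23 predicts.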

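Theorem 3.24 $\to$ is continuous on $(\mathrm{PSys}, \trianglelefteq)$.

Proof:

1) $\to$ is monotonic in its first argument:

Let $\mathcal{A}_0 = (A_0, \uparrow_0, \leq_0) \trianglelefteq \mathcal{A}_0' = (A_0', \uparrow_0', \leq_0')$, $\mathcal{A}_1 = (A_1, \uparrow_1, \leq_1)$ be prime systems and
$\mathcal{A}_0 \to \mathcal{A}_1 = (B, \uparrow, \leq)$, $\mathcal{A}_0' \to \mathcal{A}_1 = (B', \uparrow', \leq')$.
We have to prove: $\mathcal{A}_0 \to \mathcal{A}_1 \trianglelefteq \mathcal{A}_0' \to \mathcal{A}_1$.
First we show: $B = \overline{A_0} \times A_1 \subseteq \overline{A_0'} \times A_1 = B'$.

Let $X \in \overline{A_0}$. For all $a, b \in X$: $a \uparrow_0 b$ and $(a \leq_0 b \Rightarrow a = b)$. Therefore $X \in \overline{A_0'}$.
Now let $(X, a), (Y, b) \in B$.

$$\begin{aligned}
(X, a) \uparrow (Y, b) &\Leftrightarrow (X \uparrow_0 Y \Rightarrow a \uparrow_1 b) \\
&\Leftrightarrow (X \uparrow_0' Y \Rightarrow a \uparrow_1 b) \\
&\Leftrightarrow (X, a) \uparrow' (Y, b) \\
(X, a) \leq (Y, b) &\Leftrightarrow Y \leq_0 X \text{ and } a \leq_1 b \\
&\Leftrightarrow Y \leq_0' X \text{ and } a \leq_1 b \\
&\Leftrightarrow (X, a) \leq' (Y, b)
\end{aligned}$$

2) $\to$ is continuous on prime sets in its first argument:

Let $\mathcal{A}_0 \trianglelefteq \mathcal{A}_1 \trianglelefteq \ldots$ be an $\omega$-chain of prime systems with $\mathcal{A}_i = (A_i, \uparrow_i, \leq_i)$, and $\mathcal{B}$ be a
prime system.

Let $(X, b)$ be a prime of $(\bigcup_i \mathcal{A}_i) \to \mathcal{B}$. Then $X \in \overline{\bigcup_i A_i}$. Since $X$ is finite, $X \subseteq A_n$
for some $n$. For all $a, c \in X$, $a \uparrow_n c$ and $(a \leq_n c \Rightarrow a = c)$, because $\mathcal{A}_n \trianglelefteq \bigcup_i \mathcal{A}_i$. So
$X \in \overline{A_n}$ and $(X, b)$ is a prime of $\bigcup_i (\mathcal{A}_i \to \mathcal{B})$.

3) $\to$ is monotonic in its second argument:

Let $\mathcal{A}_0 = (A_0, \uparrow_0, \leq_0)$, $\mathcal{A}_1 = (A_1, \uparrow_1, \leq_1) \trianglelefteq \mathcal{A}_1' = (A_1', \uparrow_1', \leq_1')$ be prime systems and
$\mathcal{A}_0 \to \mathcal{A}_1 = (B, \uparrow, \leq)$, $\mathcal{A}_0 \to \mathcal{A}_1' = (B', \uparrow', \leq')$. We have to show: $\mathcal{A}_0 \to \mathcal{A}_1 \trianglelefteq \mathcal{A}_0 \to \mathcal{A}_1'$.
$B = \overline{A_0} \times A_1 \subseteq \overline{A_0} \times A_1' = B'$.

Now let $(X, a), (Y, b) \in B$.

$$\begin{aligned}
(X, a) \uparrow (Y, b) &\Leftrightarrow (X \uparrow_0 Y \Rightarrow a \uparrow_1 b) \\
&\Leftrightarrow (X \uparrow_0 Y \Rightarrow a \uparrow_1' b) \\
&\Leftrightarrow (X, a) \uparrow' (Y, b) \\
(X, a) \leq (Y, b) &\Leftrightarrow Y \leq_0 X \text{ and } a \leq_1 b \\
&\Leftrightarrow Y \leq_0 X \text{ and } a \leq_1' b \\
&\Leftrightarrow (X, a) \leq' (Y, b)
\end{aligned}$$

4) $\to$ is continuous on prime sets in its second argument:

Let $\mathcal{A}_0 \trianglelefteq \mathcal{A}_1 \trianglelefteq \ldots$ be an $\omega$-chain of prime systems with $\mathcal{A}_i = (A_i, \uparrow_i, \leq_i)$, and $\mathcal{B} = (B, \uparrow, \leq)$
be a prime system.

The set of primes of $\mathcal{B} \to (\bigcup_i \mathcal{A}_i)$ is $\overline{B} \times (\bigcup_i A_i) = \bigcup_i (\overline{B} \times A_i)$, the set of primes of
$\bigcup_i (\mathcal{B} \to \mathcal{A}_i)$. ■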



4 Denotational semantics

4.1 Semantics of types

We give a semantic interpretation of the type trees of as prime systems. So we do 
not solve recursive domain equations directly, but define the semantics of a recursive 
type $\tau \in$ by the semantics of its unfolding $\tau^*$.

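Definition 4.1 The sequence of maps $\mathcal{P}_n : {} \to \mathrm{PSys}$, $n \geq 0$, is defined inductively
by:

$\mathcal{P}_0(\sigma) = \bot$ for all $\sigma \in$ T^,

$\mathcal{P}_{n+1}(\mathsf{void}) = \bot$,

$\mathcal{P}_{n+1}(\sigma \mathbin{@} \tau) = \mathcal{P}_n(\sigma) \mathbin{@} \mathcal{P}_n(\tau)$ for $@ \in \{+, \times, \to\}$ and $\sigma, \tau \in$ T^.

Define $P_i(\sigma)$ as the prime set of $\mathcal{P}_i(\sigma)$.

Proposition 4.2 For all $\sigma \in$ T^, $n \geq 0$: $\mathcal{P}_n(\sigma) \trianglelefteq \mathcal{P}_{n+1}(\sigma)$.

(This proposition depends only on the monotonicity of the operations $+$, $\times$, $\to$ on prime
systems.)

Proof: by induction on $n$. Trivial for $n = 0$.

Now assume that for some $n \geq 0$: $\forall \sigma \in$ T^. $\mathcal{P}_n(\sigma) \trianglelefteq \mathcal{P}_{n+1}(\sigma)$.

We prove $\mathcal{P}_{n+1}(\sigma) \trianglelefteq \mathcal{P}_{n+2}(\sigma)$ for all cases of $\sigma$:

$\mathcal{P}_{n+1}(\mathsf{void}) = \bot \trianglelefteq \mathcal{P}_{n+2}(\mathsf{void})$.

$\mathcal{P}_{n+1}(\sigma \mathbin{@} \tau) = \mathcal{P}_n(\sigma) \mathbin{@} \mathcal{P}_n(\tau) \trianglelefteq \mathcal{P}_{n+1}(\sigma) \mathbin{@} \mathcal{P}_{n+1}(\tau) = \mathcal{P}_{n+2}(\sigma \mathbin{@} \tau)$ for $@ \in \{+, \times, \to\}$.
■

This permits us to give the semantics of type trees: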
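
Definition 4.3 Define the map $\mathcal{P} : {} \to \mathrm{PSys}$ by $\mathcal{P}(\sigma) = \bigcup_i \mathcal{P}_i(\sigma)$.
$P(\sigma)$ is the set of primes of $\mathcal{P}(\sigma)$.

Proposition 4.4

$\mathcal{P}(\mathsf{void}) = \bot$

$\mathcal{P}(\sigma \mathbin{@} \tau) = \mathcal{P}(\sigma) \mathbin{@} \mathcal{P}(\tau)$ for $@ \in \{+, \times, \to\}$ and $\sigma, \tau \in$ T^

(This proposition depends on the continuity of the operations $+$, $\times$, $\to$ on prime
systems.)

Proof: Clearly $\mathcal{P}(\mathsf{void}) = \bot$.

$$\begin{aligned}
\mathcal{P}(\sigma \mathbin{@} \tau) &= \bigcup_i \mathcal{P}_{i+1}(\sigma \mathbin{@} \tau) \\
&= \bigcup_i \bigl(\mathcal{P}_i(\sigma) \mathbin{@} \mathcal{P}_i(\tau)\bigr) \\
&= \Bigl(\bigcup_i \mathcal{P}_i(\sigma)\Bigr) \mathbin{@} \Bigl(\bigcup_i \mathcal{P}_i(\tau)\Bigr) \\
&= \mathcal{P}(\sigma) \mathbin{@} \mathcal{P}(\tau).
\end{aligned}$$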



Definition 4.5 The domain for a type tree $\sigma \in$ is $D_\sigma = |\mathcal{P}(\sigma)|$,
the domain for a type $\sigma \in$ is $D_\sigma = |\mathcal{P}(\sigma^*)|$.

For $d \in D_\sigma$, $\sigma \in$ T^, we define the n-th projection of $d$ as $d|_n = d \cap P_n(\sigma)$.

Note that the primes of $P(\sigma)$ are expressions of finite size and therefore structural
induction may be applied to them. More precisely: For a prime $a \in P(\sigma)$ let level($a$)
be the least $i$ such that $a \in P_i(\sigma)$.

If $(0, a) \in P(\sigma + \tau)$, then $a \in P(\sigma)$ and level($a$) < level($0, a$).
If $(1, a) \in P(\sigma + \tau)$, then $a \in P(\tau)$ and level($a$) < level($1, a$).
The same holds for $\sigma \times \tau$ instead of $\sigma + \tau$.

If $(X, a) \in P(\sigma \to \tau)$, then for all $x \in X$: $x \in P(\sigma)$ and level($x$) < level($X, a$), and
$a \in P(\tau)$ and level($a$) < level($X, a$).

Therefore definitions and proofs for primes may be given by induction on their parts 
with smaller level. 

4.2 Semantics of terms 

We will define the semantics function $\mathcal{S}$ for terms. As usual we need environments:
Let $V = \bigcup_{\tau \in T_c} V^\tau$ be the set of all term variables of any type. An environment is a
function $\varepsilon : V \to \bigcup_{\sigma \in T_c} D_\sigma$ such that $\varepsilon(x^\sigma) \in D_\sigma$ for all $x^\sigma \in V$. Env is the set of all
environments. It is a cpo under the pointwise order $\sqsubseteq$. Its least element is denoted by
$\bot$, $\bot(x) = \bot$ for all $x$. For any environment $\varepsilon$, $\varepsilon[x \mapsto d]$ is the environment $\varepsilon'$ with
$\varepsilon'(x) = d$ and $\varepsilon'(y) = \varepsilon(y)$ for $y \neq x$.

For every constant $c$ we will give a continuous function on domains. This function
is then transformed by $\mathit{Pr}$ into an element of the prime system corresponding to the
type of $c$. We need versions of $\mathit{Pr}$ for functions with 2 and 3 arguments:

Let $f : |\mathcal{A}| \to (|\mathcal{B}| \to |\mathcal{C}|)$ be continuous for prime systems $\mathcal{A}, \mathcal{B}, \mathcal{C}$. Define $\mathit{Pr}_2(f) \in
|\mathcal{A} \to (\mathcal{B} \to \mathcal{C})|$ by $\mathit{Pr}_2(f) = \mathit{Pr}(\mathit{Pr} \circ f)$, where $(f \circ g)x = f(g(x))$. Note that $\mathit{Pr} \circ f$
is continuous since $\mathit{Pr}$ is continuous as an order isomorphism. It is $(\mathit{Pr}_2(f))\,a\,b =
|(|\mathit{Pr}_2(f)|\,a)|\,b = f\,a\,b$.

Let $f : |\mathcal{A}| \to (|\mathcal{B}| \to (|\mathcal{C}| \to |\mathcal{D}|))$ be continuous for prime systems $\mathcal{A}, \mathcal{B}, \mathcal{C}, \mathcal{D}$.
Define $\mathit{Pr}_3(f) \in |\mathcal{A} \to (\mathcal{B} \to (\mathcal{C} \to \mathcal{D}))|$ by $\mathit{Pr}_3(f) = \mathit{Pr}(\mathit{Pr}_2 \circ f)$. Note that $\mathit{Pr}_2 \circ f$ is
continuous as $\mathit{Pr}_2$ is continuous. It is $(\mathit{Pr}_3(f))\,a\,b\,c = |(|(|\mathit{Pr}_3(f)|\,a)|\,b)|\,c = f\,a\,b\,c$.

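Definition 4.6 We define the semantics function $\mathcal{S} : T \to (\mathrm{Env} \to \bigcup_{\sigma \in T_c} D_\sigma)$ by
structural induction on the term argument. We write $\mathcal{S}[\![M]\!]$ and $\mathcal{S}[\![M]\!]\varepsilon$, for $M \in T$,
$\varepsilon \in \mathrm{Env}$. It is $\mathcal{S}[\![M]\!] \in [\mathrm{Env} \to D_\sigma]$ for $M : \sigma$, see the following proposition.

$\mathcal{S}[\![0]\!]\varepsilon = \mathit{Pr}(0)$, with $0 : D_\sigma \to D_{\sigma+\tau}$,
    $0\,d = \{0\} \cup (\{0\} \times d)$

$\mathcal{S}[\![1]\!]\varepsilon = \mathit{Pr}(1)$, with $1 : D_\tau \to D_{\sigma+\tau}$,
    $1\,d = \{1\} \cup (\{1\} \times d)$

$\mathcal{S}[\![\mathsf{case}_{\sigma,\tau,\varrho}]\!]\varepsilon = \mathit{Pr}_3(\mathrm{case})$, with $\mathrm{case} : D_{\sigma+\tau} \to D_{\sigma\to\varrho} \to D_{\tau\to\varrho} \to D_\varrho$,

$$\mathrm{case}\,d\,f\,g = \begin{cases} \bot, & \text{if } d = \bot \\ |f|\,e, & \text{if } d = 0\,e \\ |g|\,e, & \text{if } d = 1\,e \end{cases}$$

$\mathcal{S}[\![\mathsf{pcase}_{\sigma,\tau,\varrho}]\!]\varepsilon = \mathit{Pr}_3(\mathrm{pcase})$, with $\mathrm{pcase} : D_{\sigma+\tau} \to D_\varrho \to D_\varrho \to D_\varrho$,

$$\mathrm{pcase}\,a\,b\,c = \begin{cases} b \cap c, & \text{if } a = \bot \\ b, & \text{if } a = 0\,a' \\ c, & \text{if } a = 1\,a' \end{cases}$$

$\mathcal{S}[\![\mathsf{pair}_{\sigma,\tau}]\!]\varepsilon = \mathit{Pr}_2(\mathrm{pair})$, with $\mathrm{pair} : D_\sigma \to D_\tau \to D_{\sigma\times\tau}$,
    $\mathrm{pair}\,d\,e = (\{0\} \times d) \cup (\{1\} \times e)$

$\mathcal{S}[\![\mathsf{fst}]\!]\varepsilon = \mathit{Pr}(\mathrm{fst})$, with $\mathrm{fst} : D_{\sigma\times\tau} \to D_\sigma$,
    $\mathrm{fst}(\mathrm{pair}\,d\,e) = d$

$\mathcal{S}[\![\mathsf{snd}_{\sigma,\tau}]\!]\varepsilon = \mathit{Pr}(\mathrm{snd})$, with $\mathrm{snd} : D_{\sigma\times\tau} \to D_\tau$,
    $\mathrm{snd}(\mathrm{pair}\,d\,e) = e$

$\mathcal{S}[\![\Omega]\!]\varepsilon = \bot$

$\mathcal{S}[\![x]\!]\varepsilon = \varepsilon(x)$

$\mathcal{S}[\![\lambda x^\sigma.M]\!]\varepsilon = \mathit{Pr}(d \in D_\sigma \mapsto \mathcal{S}[\![M]\!](\varepsilon[x \mapsto d]))$,
    where $(d \in D \mapsto \mathit{exp})$ denotes the function that maps each $d \in D$ to $\mathit{exp}$

$\mathcal{S}[\![MN]\!]\varepsilon = |\mathcal{S}[\![M]\!]\varepsilon|\,(\mathcal{S}[\![N]\!]\varepsilon)$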

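Proposition 4.7 For all terms $M : \varphi$, $\mathcal{S}[\![M]\!] \in [\mathrm{Env} \to D_\varphi]$.

Proof: by structural induction on $M$.

• Let $M$ be a constant:

It is easy to check that the given function on domains is continuous and that the
semantics of $M$ is in the appropriate domain. We show this only for $M = \mathsf{pcase}_{\sigma,\tau,\varrho}$:

pcase is monotonic (and continuous) in its first argument, since $b \cap c \subseteq b$ and
$b \cap c \subseteq c$. pcase is continuous in its second (third) argument: This is clear for the
cases $a = 0\,a'$ and $a = 1\,a'$. In the case $a = \bot$ it follows from the continuity of $\cap$. Now
$\mathrm{pcase} : D_{\sigma+\tau} \to D_\varrho \to D_\varrho \to D_\varrho$ is continuous, therefore

$\mathcal{S}[\![\mathsf{pcase}_{\sigma,\tau,\varrho}]\!]\varepsilon = \mathit{Pr}_3(\mathrm{pcase}) \in |\mathcal{P}((\sigma+\tau)^*) \to (\mathcal{P}(\varrho^*) \to (\mathcal{P}(\varrho^*) \to \mathcal{P}(\varrho^*)))| = D_{(\sigma+\tau)\to\varrho\to\varrho\to\varrho}$.

If $\mathsf{pcase}_{\sigma,\tau,\varrho} : \varphi$, then $\varphi \approx (\sigma + \tau) \to \varrho \to \varrho \to \varrho$, and $\mathcal{S}[\![\mathsf{pcase}_{\sigma,\tau,\varrho}]\!] \in [\mathrm{Env} \to D_\varphi]$.

• Let $M = x^\sigma$:

$\mathcal{S}[\![x^\sigma]\!] = (\varepsilon \mapsto \varepsilon(x^\sigma)) : \mathrm{Env} \to D_\sigma$ is continuous.

• Let $M = \lambda x^\sigma.N : \sigma \to \tau$:

Then $N : \tau$, and $\mathcal{S}[\![N]\!] \in [\mathrm{Env} \to D_\tau]$ follows by induction hypothesis. Let $\varepsilon \in \mathrm{Env}$
and $f = (d \in D_\sigma \mapsto \mathcal{S}[\![N]\!](\varepsilon[x \mapsto d]))$. $f$ is continuous, because $\varepsilon[x \mapsto .]$ and $\mathcal{S}[\![N]\!]$ are
continuous. So $f \in [D_\sigma \to D_\tau]$, and

$\mathcal{S}[\![\lambda x.N]\!]\varepsilon = \mathit{Pr}(f) \in |\mathcal{P}(\sigma^*) \to \mathcal{P}(\tau^*)| = D_{\sigma\to\tau}$.

It remains to show that $\mathcal{S}[\![\lambda x.N]\!]$ is continuous.
It is monotonic: Let $\varepsilon, \varepsilon' \in \mathrm{Env}$ and $\varepsilon \sqsubseteq \varepsilon'$. Then

$$\begin{aligned}
\mathcal{S}[\![\lambda x.N]\!]\varepsilon &= \mathit{Pr}(d \in D_\sigma \mapsto \mathcal{S}[\![N]\!](\varepsilon[x \mapsto d])) \\
&\subseteq \mathit{Pr}(d \in D_\sigma \mapsto \mathcal{S}[\![N]\!](\varepsilon'[x \mapsto d])), \text{ as } \mathcal{S}[\![N]\!] \text{ and } \mathit{Pr} \text{ are monotonic} \\
&= \mathcal{S}[\![\lambda x.N]\!]\varepsilon'
\end{aligned}$$

Let $E$ be a directed set of environments.

$$\begin{aligned}
\mathcal{S}[\![\lambda x.N]\!]\Bigl(\bigsqcup_{\varepsilon \in E} \varepsilon\Bigr) &= \mathit{Pr}\Bigl(d \in D_\sigma \mapsto \mathcal{S}[\![N]\!]\Bigl(\bigl(\bigsqcup_{\varepsilon \in E} \varepsilon\bigr)[x \mapsto d]\Bigr)\Bigr) \\
&= \mathit{Pr}\Bigl(d \in D_\sigma \mapsto \mathcal{S}[\![N]\!]\Bigl(\bigsqcup_{\varepsilon \in E} (\varepsilon[x \mapsto d])\Bigr)\Bigr) \\
&= \mathit{Pr}\Bigl(d \in D_\sigma \mapsto \bigcup_{\varepsilon \in E} \mathcal{S}[\![N]\!](\varepsilon[x \mapsto d])\Bigr), \text{ as } \mathcal{S}[\![N]\!] \text{ is continuous} \\
&= \bigcup_{\varepsilon \in E} \mathit{Pr}(d \in D_\sigma \mapsto \mathcal{S}[\![N]\!](\varepsilon[x \mapsto d])), \text{ as } \mathit{Pr} \text{ is continuous} \\
&= \bigcup_{\varepsilon \in E} \mathcal{S}[\![\lambda x.N]\!]\varepsilon
\end{aligned}$$

• Let $M = NP$, $N : \sigma \to \tau$, $P : \sigma$:

By induction hypothesis we have $\mathcal{S}[\![N]\!] \in [\mathrm{Env} \to D_{\sigma\to\tau}]$ and $\mathcal{S}[\![P]\!] \in [\mathrm{Env} \to D_\sigma]$. Let
$\varepsilon \in \mathrm{Env}$. Then $|\mathcal{S}[\![N]\!]\varepsilon| \in [D_\sigma \to D_\tau]$ and $\mathcal{S}[\![P]\!]\varepsilon \in D_\sigma$, hence $\mathcal{S}[\![NP]\!]\varepsilon \in D_\tau$. $\mathcal{S}[\![NP]\!]$
is continuous because $\mathcal{S}[\![N]\!]$, $\mathcal{S}[\![P]\!]$ and $|.|$ are continuous. So we get $\mathcal{S}[\![NP]\!] \in [\mathrm{Env} \to
D_\tau]$. ■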



4.3 Soundness of the semantics 

We show that reduction does not change the semantics of terms. First we prove the 
Substitution Lemma. 

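Lemma 4.8 (Substitution Lemma)

$\mathcal{S}[\![M[x := N]]\!]\varepsilon = \mathcal{S}[\![M]\!](\varepsilon[x \mapsto \mathcal{S}[\![N]\!]\varepsilon])$,
for all appropriately typed terms $M, N$, and all $\varepsilon \in \mathrm{Env}$.

Proof: by induction on the structure of $M$, see Lemma 2.12 of [Gun92]. ■

Theorem 4.9 (Soundness) If $M, N \in T$ and $M \to^* N$, then $\mathcal{S}[\![M]\!] = \mathcal{S}[\![N]\!]$.

Proof: It is clear that the semantics of a term is not changed by replacing a subterm
by a term with the same semantics. We have the properties:

$\mathcal{S}[\![M]\!] = \mathcal{S}[\![M']\!] \Rightarrow \mathcal{S}[\![MN]\!] = \mathcal{S}[\![M'N]\!]$
$\mathcal{S}[\![N]\!] = \mathcal{S}[\![N']\!] \Rightarrow \mathcal{S}[\![MN]\!] = \mathcal{S}[\![MN']\!]$
$\mathcal{S}[\![M]\!] = \mathcal{S}[\![M']\!] \Rightarrow \mathcal{S}[\![\lambda x.M]\!] = \mathcal{S}[\![\lambda x.M']\!]$

So if $\mathcal{S}[\![M]\!] = \mathcal{S}[\![M']\!]$, then $\mathcal{S}[\![C[M]]\!] = \mathcal{S}[\![C[M']]\!]$ for any context $C[\,]$.

It can be easily checked that each reduction rule does not change the semantics. For
the $\beta$-rule this follows from the Substitution Lemma. ■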

5 Approximation Theorem

For every term $M$ we will define a set $\mathcal{A}(M)$ of normal forms that approximate the
reducts of $M$. $\mathcal{A}(M)$ can be seen as the syntactic value of $M$ or the Böhm tree of
$M$. We will prove the Approximation Theorem: $\mathcal{S}[\![M]\!]\varepsilon = \bigcup_{A \in \mathcal{A}(M)} \mathcal{S}[\![A]\!]\varepsilon$. Thus the
semantics of $M$ is entirely determined by the normal form approximations of $M$.

There are three methods in the literature to prove the Approximation Theorem:
[Ber79, Th. 3.1.12] proves it for PCF and [Wad78] for the untyped lambda calculus,
both with the aid of a labelled $\lambda$-calculus. [MP87] proves it for the untyped $\lambda$-calculus
by two other methods: by an intermediate semantics and by inclusive predicates. We
will give an inclusive predicate proof, modified for the recursively typed $\lambda$-calculus and
prime systems.

First we use the constant $\Omega$ to define the usual $\Omega$-prefix partial order on terms:

Definition 5.1 For every $\sigma \in$ T^, $\prec$ is the least relation on $T_\sigma$ satisfying:

$\Omega \prec M$ for every $M \in T_\sigma$,

$x \prec x$ for every variable or constant $x$,

$M \prec M' \Rightarrow \lambda x.M \prec \lambda x.M'$,

$M \prec M' \wedge N \prec N' \Rightarrow MN \prec M'N'$.

If $M, N \in T_\sigma$ have an upper bound under $\prec$, then $M \sqcup N$ is defined as their least upper
bound.

Clearly: $M \prec N \Rightarrow \mathcal{S}[\![M]\!] \sqsubseteq \mathcal{S}[\![N]\!]$.

Definition 5.2 Let a G T^. M a is the set of normal form terms of T a . Normal forms 
are denoted by A,B,.... 
Let A G K, M G %. 

A is a direct approximation of M, A < M, iff VA^. (M ^* N =^> A -< N). 
A is an approximation of M, A < M, iff 3A^. M — N and A < N. 
A(M) denotes the set of approximations of M. 
We abbreviate SfMje = \J a <mS[A]e. 

A direct approximation of M conveys a fixed syntactic information about M: It is 
in normal form and is part of all reducts of M. If A < M and M — >* N, then A < N. 
We want to show that A(M) is an ideal. Therefore we need the following lemma, which 
relies on the fact that all applicative terms have a normal form. 

Lemma 5.3 If A < M and B < M , then AU B exists and is a normal form, and 
AUB <M. 

Proof: A U B exists because A -< M and B -< M. Now assume that A U B is not a 
normal form. Then there is an occurrence u in A U B such that (AU B)/u is & redex. 
First assume that it is a $\beta$-redex: $(A \sqcup B)/u$ is of the form $(\lambda x.N)P$. Then either
$A/u$ is of the form $(\lambda x.N')P'$, or $B/u$ is of this form. This contradicts the assumption
that $A$ and $B$ are normal forms.

Now assume that $(A \sqcup B)/u$ is a redex of a constant, corresponding to one of the
rules (case0) - (pcase→). Let $L = M/u$. Let $u_i$, $1 \leq i \leq n$, be a sequence of all the
outermost occurrences of $\lambda$-abstractions in $L$. Let $x_i$, $1 \leq i \leq n$, be a sequence of
distinct variables that do not occur in $L$. (The type of $x_i$ should be that of $L/u_i$.) Let
$K = L[u_1 \leftarrow x_1, \ldots, u_n \leftarrow x_n]$. $K$ is an applicative term, i.e. it does not contain any
$\lambda$-abstraction. As $\to$ is strongly normalizing (noetherian) on applicative terms, there
is a normal form $K'$ of $K$, $K \to^* K'$. It is $L = K[x_1 := (L/u_1), \ldots, x_n := (L/u_n)]$, the
result of the replacement of the $x_i$ by $L/u_i$. Let $L' = K'[x_1 := (L/u_1), \ldots, x_n := (L/u_n)]$.
Then $L \to^* L'$. As $K'$ is a normal form and the $L/u_i$ are $\lambda$-abstractions, $L'$ is not a
redex of a constant.

It is M ^* M[u <- V], as L ^* L'. As A<M and B<M, we have AU5 ^ M[u <- L']. 
Therefore (AUi?)/^ -< L'. This contradicts the fact that V is not a redex of a constant. 

So in every case we deduced a contradiction from the assumption that AL\B is not 
a normal form. Clearly A\J B <\ M. ■ 

Theorem 5.4 ^4(M) zs an ideal under -<, i.e. it is non-empty, downward closed and 
directed. 

Proof: We have Vt G A(M). 

A(M) is downward closed: If A < M and B -< A, then B < M. 

A(M) is directed: Let A<M and A' < M. There is N with M A" A A<N, and 
A' with M —y* N' A A' < A'. By confluence there is a term P with N ^* P and 
A' ^* P. Then A < P and A' < P. By the preceding lemma, A U A' is a normal form 
and AU A' < P. Hence A U A' < M. ■ 

With this proposition A(M) is an element of the ideal completion of M a (under -<); it 
can be seen as a Bohm tree of M. 

Let us first discuss our definition of approximation and compare it with different ap- 
proaches in the literature: 

1) The treatment of PCF in [Ber79] is different: The approximations are obtained by
reducing only $\beta$- and F-redexes. The constants are treated like variables; redexes
of rules for constants are not reduced. They are only interpreted semantically in
the Böhm tree. This approach is only possible because the reduction of constant
redexes can be postponed after the reduction of $\beta$- and F-redexes. In our case
constants operate on higher order types as well, therefore the reduction of constant
redexes is intertwined with $\beta$-reduction.

2) $\mathcal{A}(M)$ is not minimal: In many cases there is a proper subset of $\mathcal{A}(M)$ with the same
semantics; e.g. for $M = \lambda x.\Omega$ or $M = \Omega N$ the approximation $\Omega$ is sufficient. $\mathcal{A}(M)$
was defined to give "all possible" normal form information about $M$. The questions
arise: In which sense is $\mathcal{A}(M)$ maximal? [My conjecture is: For every directed
set $S$ of minimum normal forms of $M$ (def. below), if $S$ has the same semantics as
$\mathcal{A}(M)$, then $S \subseteq \mathcal{A}(M)$.] Is a smaller set of approximations definable with the same
semantics, that gives a substantially stronger Approximation Theorem?

In the presence of parallel operations there is in general no least approximation with
the same semantics: Consider

$M = \lambda x.\ \mathsf{pcase}\ x\ (\mathsf{case}\ x\ \Omega\ (\lambda y.1))\ 1 : \mathsf{bool} \to \mathsf{bool}$.

$\mathcal{S}[\![M]\!]\bot$ is the function that maps $1 \mapsto 1$, $0 \mapsto \bot$. Both $\lambda x.\ \mathsf{pcase}\ \Omega\ (\mathsf{case}\ x\ \Omega\ (\lambda y.1))\ 1$
and $\lambda x.\ \mathsf{pcase}\ x\ \Omega\ 1$ are minimal approximations of $M$ with the same semantics as
$M$.

3) In the presence of pcase it is not possible to define the approximations by an analogue
of head normal forms. We will make this statement precise after the proof of the
Approximation Theorem. We will also give analogues of head normal forms for the
sequential calculus without pcase.

We now prove two useful lemmas about approximations. 

Lemma 5.5 If M { N , then A(M) = A(N) andS\M\e = S{N}e. 

Proof: Let M ->* P <-* N. Assume A < M. Then there is W with M ->* W and 
A < M'. By confluence there is L with M' ->* L <-* P. Then A<L and A<N. This 
shows A{M) C A{N). Symmetrically A{M) D A(N). ■ 

Lemma 5.6 Let cMi . . . M n be a term where c is a constant and there are no reducts 
M, M'. 1 < i < m < n, with cM[ . . . M' m a redex. Then 

3[cMx . . . M n \e = (S[c}±) (SlMje) . . . (3[M n ]e). 
Proof: 

~S[cM 1 ...M n ]e = \J{S[A]e\A<cM 1 ...M n } 

= Ui^Mi • • • A 4 £ \A l <M l f\ ... f\ A n <M n } 
= (S[c]±) (5[Mi]e) . . . (SlM n ]e) 

We have used the fact that A <l cM\ . . . M n iff A = cA\ . . . A n with some Ai <l Mf, as 
no cMi . . . M m , m < n, can be reduced to a redex. ■ 

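Theorem 5.7 (Approximation Theorem) For all terms $M$ and environments $\varepsilon$:
$\mathcal{S}[\![M]\!]\varepsilon = \overline{\mathcal{S}}[\![M]\!]\varepsilon$.

$\overline{\mathcal{S}}[\![M]\!]\varepsilon \subseteq \mathcal{S}[\![M]\!]\varepsilon$ follows from $\mathcal{S}[\![A]\!]\varepsilon \subseteq \mathcal{S}[\![M]\!]\varepsilon$ for every approximation $A$ of $M$. This is a consequence
of soundness and of monotonicity of $\mathcal{S}$ w.r.t. $\prec$. We want to prove the remaining
inclusion $\mathcal{S}[\![M]\!]\varepsilon \subseteq \overline{\mathcal{S}}[\![M]\!]\varepsilon$ by structural induction on $M$. Therefore we use inclusive
predicates (logical relations), also used in [MP87] to prove the analogous theorem
(limiting completeness) for the untyped $\lambda$-calculus. We define the inclusive predicates
on the sets of primes $P(\sigma)$ of the type interpretations $\mathcal{P}(\sigma)$: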

Definition 5.8 For every o G T^ and e G Env we define a relation < £ C P{u) x T a . 
a < a £ M is defined by structural induction on a, i.e. in terms of propositions a' < T £ M', 
where a' is a part of a with smaller level. 
There are the following cases for a and the primes: 

a = T + g : < T £ +S M ^ OG S[M\e 

(0, a) < T £ +e M & (0, a) G S\M\e and a < T £ Out0{M) 

1 < T £ + e M & 1 G S[M\e 

(1, a) <+ e M & (1, a) G 3>[M]e and a <| Outl(M) 

where OutO(M) abbreviates the term case M (Xy.y) fi, 
and Outl(M) the term case M Q {Xy.y). 

a = T x q: (0, a) < T e xe M <=> (0, a) G 5[M]e and a < T £ fst M 
(1, a) < T e xs M <=> (1, a) G 3[Af]e and a <| snd M 

a = r -> e : (X, a) <p e M ^ (X, a) G 5[M]e and 

ViV G T T . (X < T £ N a<l MN) 



For every set X of primes X < T £ N means: V6 G X. b < T £ N . 

Intuitively a < £ M means that a G «S[M]e and that the relation is maintained in 
all contexts formed by OutO, Outl, fst, snd and application on related arguments. 

We have to prove a few lemmas for the Approximation Theorem. 



Lemma 5.9 If a <b and b < £ M , then also a < £ M. 



Proof: by structural induction on b. In every case we have a G «S[M]e. 

• a — t + g : 

The case a = 0, b = (0, b') is clear. 

Now let a = (0,a% b = (0,U). Then a' < b' and b' < T £ Out0(M). By induction 
hypothesis follows a' < T £ Out0(M). 

The cases a = 1, b = (1, b') and a = (1, a'),b — (1, b') are analogous. 

• o = t x q is like a = t + g 
• $\sigma = \tau \to \varrho$:

Let a = (X, a'), b = (Y, V). It is Y < X and a' < V . 
For all N G T T the following implications hold: 

X <l N =>■ Y <l N, by induction hypothesis 
b' < 8 £ MN, as (y, b') < M 
=>■ a' <| MX, by induction hypothesis 

Therefore a = (X, a') <% M. ■ 
Lemma 5.10 If a < a £ M and M [N, then also a N. 
Proof: by structural induction on a. 

We have S[M\e = 2>[N]e by Lemma ESI therefore a G 2>[N]e. 

• a = t + q : 

Let a = (0, a'). Then a' <^ OutO(M). By induction hypothesis follows a' < T e OutO(N), 
so a <^ N. 

a = (1, a') is analogous. 

• cr = r x q is like a = r + £>. 

• a = r — > £> : 

Let a = (X, a'). For all P G T r : 

X < P ^ a' <l MP, as a < M 

=> a' < e £ NP, by induction hyp., as MP j XP 

Therefore a <" N. ■ 
We also need the new notion of passive term: 

Definition 5.11 A term $M$ is a redex part iff $M = \lambda x.N$ for some $x$ and $N$, or there
is some typed left-hand side $L$ of a rule (case0) ... (pcase→) and a subterm $P$ of $L$ such
that $P \neq L$, $P$ is no variable and $M$ is obtained from $P$ by replacing variables by
terms of the same type.

This means: $M$ is a redex part iff $M$ is of one of the following forms:

$\lambda x.N$, $0$, $0N$, $1$, $1N$,

pair, pair $N_1$, pair $N_1 N_2$, fst, snd,

case, case $(0N)$, case $(0N_1)\,N_2$, case $(1N)$, case $(1N_1)\,N_2$,

pcase, pcase $N_1$, pcase $N_1\,(0N_2)$, pcase $N_1\,(1N_2)$, pcase $N_1\,(N_2, N_3)$,

pcase $N_1\,N_2$ with $N_2 : \tau \to \varrho$, pcase $N_1\,N_2\,N_3$ with $N_2, N_3 : \tau \to \varrho$.

(Note the type restrictions of the last two forms: They are parts of the left-hand side
of rule (pcase→).)

A term $M$ is called passive iff there is no redex part $N$ with $M \to^* N$.

No reduct of a passive term is able to interact with a context in the reduction of a
redex. Simple examples of passive terms are the variables. The following two lemmas
state the needed properties of passive terms.

Lemma 5.12 

1) If $M$ is passive and $MN \to^* P$, then $P = M'N'$ with $M \to^* M'$ and $N \to^* N'$.

2) If M is passive, then MN is also passive for all N . 

3) IfM is passive, then SfMNje = |5[M] £ | (S[N]e) for all N. 

Proof: 

1) The proof is by induction on the length n of the reduction MN ^* P. 
It is clear for n — 0. 

Induction step: Let MN ^* P — > Q be a reduction of length n + 1. By induction 
hypothesis P = M'N' with M ^* M' and N ^* N'. M' is no redex part. Therefore 
either Q = M"N' with M' -> M" or Q = M'N" with N' -> jV". 

2) Let MiV ^* P. By part 1) we have P = M'N' with M ^* M'. As M' is not a 
redex part, P is not a redex part either. (There is no rule with a variable- applying 
left-hand side xM x . . . M n .) 

3) For all A we have: 

A < MN 3P MN ^* P A A < P 

<£> 3M', JV'. M ->* M' A iV ^* JV' A A < M'N', by part 1) 
3M', iV', P, CM -'.I/' A .V ->* JV' A 
A = PC A P < M' A C < iV', 

<= by part 1), as M' is passive 
3B,C. A = BC A B <M A C <N. 

From the direction follows: SfMNje C |5[M] £ | (5[iV]e). 
The direction •<= gives: 

|3[M]e| (3[JV] e ) = | (J S[B]e\ ( (J 5[(7|e) 

= U U S l BC \ £ i b y continuity 
C S[M7V] £ , from . 



Lemma 5.13 If M <E T a is passive and a E SfMje, then a < a £ M . 

Proof: by structural induction on a. 
• a = r + g: 

The lemma is clear for a = and a — 1. 
Now let a = (0, a'). As M is passive, M will not reduce to the form 0M' or 1M'.
Therefore OutO(M) = case M(Xy.y) Q is passive, too. 

a' G case (S[M]e) (S[\y.y]e) (5[Sl]e), as a G S{Mje 
= 5[case M(Xy.y) Qje, by Lemma 15.61 
= S{OutO{M)]e. 

By the induction hypothesis we get a' < T £ OutO(M). 
The case a = (1, a') is analogous. 

• a = t x g is like a = r + g. 

• a = r — > £>: 

Let a = (X, a'). 

Let N £ T T and X X. Then MX is passive by Lemma 2). 
(X, a') G S[M]e and X C SfNje imply 

a' G \S{ M l £ \ (Sl N h) = 3[MN]e, by Lemma EM 3). 
By induction hypothesis we get a' <§ MX. 

Thus we have shown a < £ M. ■ 

We need a special lemma for pcase giving its properties with respect to the inclusive
predicates. It must be proved by induction on primes. Note that such a lemma is not
necessary for the other constants.

Lemma 5.14 

1) I/O G S\M \e and a < a £ M 1 , then a < a £ pease M M 1 M 2 . 

2) Ifle 5[M ]£ and a <% M 2 , then a < a £ pease M M 1 M 2 . 

3) If a <% Mi and a <% M 2 , then a <% pease M M 1 M 2 . 

Proof: We abbreviate M = pease M M 1 M 2 . 

1) The proof is by structural induction on a. 

If M ^* OMq for some Mq, then M — >* Mi, and a <^ M follows from Lemma 

Em 

We assume in the following that not M — >* OMq. (Also M — >* IMq is not possible 
because of G «S[M ]e.) 
We give a case analysis on a: 

• a = t + g : 

Let a = (0, a') : 

a) We assume Mi ^* 0M( and M 2 ->* 0M^ for some M[. 
Then M ^* (pease M M[M^). 
(0,o ; ) < Mi implies a' < Out0{Mx). 
From Lemma EM and OutO{M x ) ^* M{ follows a' < T £ M[. 
The induction hypothesis gives a' < T £ pease M M(M 2 . 
Therefore a' G S[pcase M M(M^]e and 

(0,a') G (3[pcase M MjM£]e) 

= 5[0 (pease M M[M 2 )je, by Lemma EH 
= S[M]e, by Lemma ES3 
Furthermore a' < T £ OutO(M), as OutO(M) ^* pease M M[M^, by Lemma EH 
b) We assume that not (M x ^* 0M{ and M 2 ^* OMQ for any M[, M' 2 . 

Together with the assumption (not Mo — >* OMq) there is no reduct of M that is 
a redex. Then 

a G pease (S{M je) (S[Mi]e) (5[M 2 ]e) = S[M]e, by Lemma EU 
M is passive (note that Mi, M 2 are not of functional type). By Lemma [5. 131 we 
get a < a £ M. 

The case a = is contained in the proof for a = (0,a'), and the cases a = 1, 
a = (I, a') are analogous. 

• a = t x g is like cr = r + £>. 

• a = t — > g: Let a = (X, a'). 

With the assumption (not M ^* OMq) there is no reduct of M that is a redex. 
Then 

a G pease (5[M ]e) (S[Mi]e) (S[M 2 ]e) = S{M]e, by Lemma ESI 

It remains to show: ViV G %-. (X < T £ N a' <| MiV). 

It is MN = pease M M 1 M 2 N pease .\/„U/| .Y)( .U,.Y). We get: 

X < T e N => a' <f MiiV, as (X, a') < Mi 

a' <f pease M (MiX)(M 2 iV), by induction hypothesis 
a' <f MX, by Lemma I5TTU1 

This concludes part 1) of the lemma. 

2) Part 2) is analogous to part 1). 

3) The proof is by structural induction on a. 

If M ^* OMq for some Af£, then M ->* Mi, and a <^ M follows from Lemma 

Emu 

If M ^* 1M^ for some M^, then M ^* M 2 , and again a < a £ M. 

We assume in the following that neither Mo — >* OMq nor Mo ^* IMq. We give a 

case analysis on a: 

• a = r + g : 

Let a = (0, a'). 
a) We assume $M_1 \to^* 0M_1'$ and $M_2 \to^* 0M_2'$ for some $M_1', M_2'$.
Then M ->* (pease M M[M^). 

From a <^ M 1? a <^ M 2 we conclude by Lemma 15.101 that a' <^ M{ and 
a' < T £ M' 2 . 

By induction hypothesis a' < T £ pease M^M^M^. As in part 1) we conclude a < £ 
M. 

b) We assume that not (Mi ^* 0M( and M 2 ^* OMQ for any M(, M 2 . 
As in part 1) we conclude a < £ M. 

The case a = is contained in the proof for a = (0, a'), and the cases a = 1, 
a = (I, a') are analogous. 

• a = r x g is like cr = r + g. 

• a = t — > g : 

The argumentation is just the same as in part 1), except that we conclude: 

X < T E N a! <% M\N and a! <% M 2 N. ■ 

In the following lemma we collect all the properties of the relations < £ on elements 
of D a that we need in the proof of the Approximation Theorem. 

Lemma 5.15 (Inclusive Predicate Lemma) In the following d is an element of 
D a , D T , or D Q , and M,N G T ff . 

1) i_<M. 

2) a = t + g: 

Od < T £ +S M ^ OdC S{M]e and d < T £ OutO(M) 
Id < T e +s M Id C S{M]e and d < e e Outl(M) 

3) a = r x g : 

d < T £ Xg M d C ~S\M\e and 

fstd < fst M and sndd <£ snd M 

4) a = t -> g: 

d < T £ ^ e M d C 5[M]e and 

Ve G -D T , iV G T r . (e < iV \d\e <£ MiV) 

5j Lei n > and c be a constant of type a = T\ — > . . . — > r n — > o ; snca £/ia£ t/iere zs 
no reduction rule for c with less than n arguments. Then «S[c]_L <^ c z/f 

dj Miforl<i<n => {S{cj±)d 1 ...d n <| cMj . . . M„. 

flj If d < £ M and M I N, then also d <° N. 

7) If M e% is passive and d C 5[M]e, t/ien d M. 

5j If G 5[M ]e and d < a £ M 1} then d <" pease M M 1 M 2 . 

9) IflE S{M }e and d M 2; tnen d < a £ pease M M 1 M 2 . 
10) If di < a £ Mi and d 2 < a £ M 2 , then d x H d 2 < a e pease M MiM 2 . 

Note: The parts 6) and 7) of this lemma replace the Lemma 5 of the proof of the
Approximation Theorem for the untyped λ-calculus in [MP87]. A condition for the
recursively typed λ-calculus corresponding to that of Lemma 5 would be too complicated.

Proof: 1), 2), and 3) are simple consequences of the definition of < a e . 

4) : d C S\M\e is clear. 

Now let e G D T , X G % and e <\ N. 
Let a G \d\e. Then there is X C e with (X, a) G d. 
From (X, a) <p e M and X < T £ N follows a <| MN. 
<= : Let (X, a) G d. We show: VX. X < X a <£ MX. 

Let e = Xj. By Lemma ESI we get e < T E N. Then a G \d\e <f MX. 

5) The proof is by induction on n. Note that £ may be a functional type that varies 
with n. n = is clear. 

Now assume the proposition for c is true for some n > 0; we prove it for n + 1: 
5[c]± < e CT c 

iff ^ Mi for 1 < i < n (S{c}±)d 1 ...d n <^+i-*e C M X ... M n , 

by induction hypothesis 
iff d, <l* Mi for 1 < i < n (5[c]±)tZi ...d n C 5[cMi . . . M n ]e and 

(d n+ i M n+1 ^ 

(5[c]±)di . . . d n+1 <| cMi . . . M n+1 ), 

by part 4). 

LemmaEHsays S\cM 1 . . . M n je = (5[c]±)(^[Mi]e) . . . (5[M n ]e), therefore {S{cj±)d 1 ...d n C 
S\cM 1 . . . M^e is fulfilled. 

6) Follows from Lemma 15.101 

7) Follows from Lemma 15.131 

8) , 9) and 10) follow from Lemma [5.141 ■ 

The Approximation Theorem would be proved if we could show that <S[M]e < a e M 
for all M G T a . We will now prove, by structural induction on M, a stronger statement 
in order to handle free variables in the case of abstraction. 

Lemma 5.16 (Approximation Lemma) Let M G T a , e G Env, (1 < i < n, n > 
0) be a sequence of distinct variables, di G D ai and Xj G T ai for all i. 
If di <^ Xj for all i, then 

S[M\{e[ Xl ^d 1; ...,x n ^d n ]) < M[x 1 :=N 1 ,...,x n .=N n }. 

Here $\varepsilon[x_1 \mapsto d_1, \ldots, x_n \mapsto d_n]$ is the environment that maps $x$ to $\varepsilon(x)$ if $x \neq x_i$ for all
$i$, and $x_i$ to $d_i$. $M[x_1{:=}N_1, \ldots, x_n{:=}N_n]$ is the result of the simultaneous substitution of
the $N_i$ for the free occurrences of $x_i$ in $M$, with appropriate renaming of bound variables
of $M$.

Proof: by structural induction on M. 

For any e' G Env we abbreviate e' = e'[x\ \— > di, . . . , x n i— > d n ], and for any term L we 
write L = L[xi.—Ni, . . . , x n :—N n ]. 

We cite the parts of the Inclusive Predicate Lemma simply by part i). The use of parts 
1) - 5) should be obvious and is often not mentioned. 

• m = n-. s[n\s = _i_ < a 

• M = 0, a = r -»• (r + g) : 

To show S[0]S <% 0, we prove d < T £ N Od < T e +e ON. 

We have Od C 0(5[iV]£) = S[0iV]k- Furthermore d Out0(0N) by part 6), as 
Out0(0N) AT. 

• M = 1 is analogous. 

• M = case, a = (r + £>) — ► (r — > ip) — > (g — > — > t/> : 
To show iS[case]e <^ case, we have to prove: 

d < T £ +e M A d 1 M 1 A d 2 M 2 casedod x d 2 <f case M MiM 2 . 

This is clear for do — -L 
Now let d = 0d . 

a) We assume M ^* OMg for some M„. 

As d x < T ^ Mi and d Out0(M ), we get 

case d did 2 = <e M 1 {OutO{Mo)). 

We have case M M X M 2 ^* MiM and M x {OutO[Mo)) MlMq, 
so casedod\d 2 <f case M MiM 2 by part 6). 

b) We assume that not M 0JW£ for any Mq. 

M — >* IMq is also impossible. So there is no reduct of case M MiM 2 that is a 
redex. 

From Lemma [5.61 we conclude: 

case dod x d 2 C case (S[M ]e) (3[Mi]e) (5[M 2 ]e) 
= S[case M MiM 2 ]e. 

Furthermore case M MiM 2 is passive, and case dod\d 2 <f case M MiM 2 follows 
from part 7). 

The case do = l^o * s analogous. 

• M — pease, o = (t + g) ^ ip ^ ip ^ ip : 
We have to prove: 

d < T £ +e Mo A d x <f Mi A d 2 <f M 2 =>> pease dod x d 2 <f pease M MiM 2 . 
For do = -L we have pease dod\d 2 = d\ H d 2 . The result follows from part 10). 
For do = 0d we use part 8), for do = ld' Q part 9). 
• M = pair is like M = 0.

• M — fst, (J = (r x — > r : 

d <^ xe N ^ fstd < T £ fst AT follows directly from part 3). 

• M — snd is analogous. 

• M = x : 

If x — Xi for some i, then <S[x]£ = di < £ iVj = x. 

Now let x ^ xi for all i. Then <S[x]£ = £(x) C <S[x]£. x is passive. From part 7) 
follows <S[x]£ <l x. 

• M = NP, where N : t —> a and P : r: 

By induction hypothesis we have <S[iV]e < T ! T" J N and «S[P]e < T £ P. 
Therefore \S[N]e\ (S{P]e) < a £ NP, by part 4). 
Thus we get S{NPje <% WF. 

• M = Xx r .M\ a = r -> q: 

We may assume that x is no Xi and x does not occur free in any iVj. (x can be renamed 
by a-conversion.) 

First we prove that S[Xx.M']s C S[Ax.M']e. 

<S[Ax.M']£ = Pf<deD T h->5[M'](s[a;i->d])) 

= Pr(d G D T I— > «S[M'](£[x 1— > d])), as a; is no Xi 
C Pr(d G D T 1— > 5[M 7 l(e[a; i-> d])), 

as <S[M'](£[x 1— > d]) <fr xl _ >< fl M' by induction hypothesis 
= Pr(deD T ^ |J S{A](e[x ^ d})) 

= |J Pr(deD T ^ S{A\{e[x ^ d\)) 

= \J_S[Xx.A]e 

A<M' 

= U S[B\e, 

B<a\x.M' 



as A < M' <^ Xx.A < Xx.M' = Xx.M', since x is no x^ 



Now we prove that: d < T £ N \S{M]e\ d <§ MJV. 

|5[M]e|d = S[M'](e[x» d}) 

= S{M'](e[xi 1— > di, . . . , x n 1— > d n , x 1— > d]), as re is no Xj 
<| M'fxi^A 7 "!, . . . , x n :=N n , x:=N], by induction hypothesis 

Furthermore we have: 

~MN = (Xx.W)N, as x is no X; 

-> (M'[x 1 :=N 1 ,...,x n :=N n ])[x:=N] 

= M'[x\:—Ni, . . . , x n :=N n , x:=N], as x is not free in any iVj 
From part 6) follows |«S[M]e| d <£ MN. ■ 
Proof of the Approximation Theorem: 

«S[M]e C <S[M]e follows from «S[M]e <° M, which holds by the preceding lemma. ■ 

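Corollary 5.17 For all terms $M$ and environments $\varepsilon$:

$\mathcal{S}[\![M]\!]\varepsilon = \bigcup \{\mathcal{S}[\![A]\!]\varepsilon \mid A \text{ is a normal form and } \exists N.\ M \to^* N \wedge A \prec N\}$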

Proof: «S[M]e C the right-hand side, and the right-hand side C «S[M]e. I 

Note: The original paper [Wad78] gives a definition of approximations in the form of
this corollary, for the untyped λ-calculus.

Corollary 5.18 The semantics of the fixed point combinator 
Y a = Xy u ^ a .(Xx.y(xx))(Xx.y(xx)) is 

SlY a }e = Pr(f G » (J /»(±)), 

n>0 

so \SlY a \e\f is the least fixed point of\f\. 

Proof: The approximations of Y a are just the terms Xy.y n Q, with y°Q = Q and y n+1 Q = 
y(y n n). 

SlY a ]e = SlY a ]e 

= \JS[Xy.y n n]e 

n>0 
n>0 

= Pr(f e » (J f n (±)) 

n>0 

■ 

Let us continue our discussion of the definition of approximations. In the case of
the untyped λ-calculus [Bar84] it is possible to define least approximations via head
normal forms. Let us look at this approach more abstractly: We are given a set $H$
of normal forms with the property: If $A \in H$ and $A \prec M$, then $A \lhd M$. This means
that an $H$-prefix of a term $M$ does not change by reductions of $M$. In the case of
the untyped λ-calculus $H$ is the set consisting just of $\Omega$ and all terms of the form
$\lambda x_1 \ldots x_n.\, y A_1 \ldots A_m$ with $A_i \in H$. We define

$\mathcal{S}_H[\![M]\!]\varepsilon = \bigcup \{\mathcal{S}[\![A]\!]\varepsilon \mid A \in H \text{ and } \exists N.\ M \to^* N \wedge A \prec N\}$.

$H$ should fulfill: $\mathcal{S}_H[\![M]\!]\varepsilon = \mathcal{S}[\![M]\!]\varepsilon$ for all $M, \varepsilon$. We show that a set $H$ with this
property and the property above does not exist for our calculus with pcase:
Let M = pease x Q. It is M ^ H, because of the first property of H and as not 
M < pease a; 0. For all A -< M with A^Mwe have 5[A](±[a: i-> 0]) = _L. Therefore 
«S H [M](_L[x i-> 0]) = JL ^ = S[M\(±[x i-> 0]). 

Let us now consider the sequential calculus without pcase. In this case we can define
two sets $H$ with the desired properties.

Definition 5.19 A normal form $A$ is a minimum normal form (mnf) iff for all $B \prec A$:
$\mathcal{S}[\![B]\!] = \mathcal{S}[\![A]\!] \Rightarrow B = A$.

A normal form $A$ is a constant normal form (cnf) iff

$A = \Omega$ or $A = \lambda x_1 \ldots x_n.\, y A_1 \ldots A_m$,

where $n \geq 0$, $m \geq 0$, $y$ is a variable or a constant $\notin \{\Omega, \mathsf{pcase}\}$, the $A_i$ are cnfs and for
$y \in \{\mathsf{fst}, \mathsf{snd}, \mathsf{case}\}$ and $m \geq 1$ it is $A_1 \neq \Omega$.

Constant normal forms resemble the normal forms of $H$ defined by head normal forms
above, for the untyped λ-calculus.

Lemma 5.20 Every minimum normal form without pcase is a constant normal form.

Proof: Suppose $A$ is a normal form without pcase that is no cnf. We show by structural
induction on $A$ that $A$ is no mnf.

We have $A = \lambda x_1 \ldots x_n.\, y A_1 \ldots A_m$, $n \geq 0$, $m \geq 0$, $y$ a variable or a constant, and one
of the following three cases:

1) $y = \Omega$ and ($n > 0$ or $m > 0$).

Then $\Omega \prec A$, $\Omega \neq A$ and $\mathcal{S}[\![\Omega]\!] = \mathcal{S}[\![A]\!]$, so $A$ is no mnf.

2) Some $A_i$ is no cnf.

By induction hypothesis $A_i$ is no mnf. Then also $A$ is no mnf.

3) $y$ is fst, snd or case and $A_1 = \Omega$.

Then $\mathcal{S}[\![A]\!] = \mathcal{S}[\![\Omega]\!]$, $A$ is no mnf. ■

Lemma 5.21 If $A$ is a constant normal form and $A \prec M$, then $A \lhd M$.

Proof: We prove: If $A$ is a cnf, $A \prec M$ and $M \to N$, then $A \prec N$, by structural
induction on $A$. (The lemma follows by simple induction on reductions $M \to^* N$.)
The case $A = \Omega$ is clear.

Now let $A = \lambda x_1 \ldots x_n.\, y A_1 \ldots A_m$. Then $M = \lambda x_1 \ldots x_n.\, y M_1 \ldots M_m$ with $A_i \prec M_i$
for all $i$.

The term $y M_1 \ldots M_m$ is no redex:

This is clear if $y$ is a variable or 0, 1, or pair.

If $y$ = fst or $y$ = snd, and $m \geq 1$, then $A_1 \neq \Omega$ and $A_1$ is not of the form $\mathsf{pair}\,A'A''$. So
$M_1$ is not of this form either.
If $y$ = case and $m \geq 1$, then $A_1 \neq \Omega$ and $A_1$ and $M_1$ are not of the form $0A'$ or
Thus there is some $j$ with $M_j \to N_j$ and $N = \lambda x_1 \ldots x_n.\, y M_1 \ldots M_{j-1} N_j M_{j+1} \ldots M_m$.
By the induction hypothesis we get $A_j \prec N_j$, therefore $A \prec N$. ■

By this lemma the set of cnfs (and the set of mnfs) has the first of the two properties
of $H$. We define two new approximation sets for terms:

$\mathcal{B}(M) = \{A \mid A \text{ is a mnf and } \exists N.\ M \to^* N \wedge A \prec N\}$
$\mathcal{C}(M) = \{A \mid A \text{ is a cnf and } \exists N.\ M \to^* N \wedge A \prec N\}$

For the sequential calculus without pcase we have:

$\mathcal{B}(M) \subseteq \mathcal{C}(M) \subseteq \mathcal{A}(M)$.

The first inclusion follows from Lemma 5.20, the second from Lemma 5.21.

B{M) C ^l(M) is not valid for M = pease x 0: We have pease xOtt E B(M), but 

pease xOtt g A(M). 

In every case, also for pcase:

S[M\e = (J 5[A]e C |J S[A]e for all e e Env. 

AeA(M) AeS(M) 

This is because for every normal form $A$ there is a mnf $B \prec A$ with $\mathcal{S}[\![A]\!] = \mathcal{S}[\![B]\!]$.
We combine these results with the Approximation Theorem:

Theorem 5.22 In the sequential calculus without pcase: For all terms $M$ and
environments $\varepsilon$,

|J S[A]e= (J SlA}e = S{Mj6 = SlM]e. 

With this theorem the set of mnfs and the set of cnfs both have the second property
of $H$.

[My conjecture is that in the sequential calculus $\mathcal{B}(M)$ is the least approximation
of $M$ with the same semantics as $M$. More precisely the conjecture is: Let $I$ be an
ideal of normal forms such that for all $A \in I$ there is $N$ with $M \to^* N$ and $A \prec N$,
and $\mathcal{S}[\![M]\!] = \bigcup_{A \in I} \mathcal{S}[\![A]\!]$. Then $\mathcal{B}(M) \subseteq I$.]

6 Adequacy and full abstraction 

The classical semantical analysis of the programming language PCF [Plo77] proceeds
as follows: The closed terms of the ground type integer are singled out as programs.
Programs are regarded as the only terms whose syntactical values (integers) can be
observed directly. All other terms must be observed through program contexts. If the
semantics of a program $M$ is an integer value $i$, then $M$ can be reduced to $i$. This
result is called the adequacy of the semantics. Then an operational preorder is defined
on terms: $M \sqsubseteq N$ iff for all contexts $C[\,]$ such that $C[M]$ and $C[N]$ are programs, if
$C[M] \to^* i$, then also $C[N] \to^* i$. If $\mathcal{S}[\![M]\!] \subseteq \mathcal{S}[\![N]\!]$, then $M \sqsubseteq N$; this follows from
soundness and adequacy. The converse, full abstraction, is not true for sequential PCF,
but holds for PCF with a parallel conditional.

We follow the same programme for our recursively typed λ-calculus. We choose
the closed terms of type bool = void + void as our programs. Thus the observable
non-bottom syntactical values are the terms of the form $0M$ or $1M$. We have chosen
the smallest type with more than one element. (Any non-functional, non-trivial type,
built from + and × only, would do as well.)

Definition 6.1 The set of programs is Prog = T^ ooi . 

We define the operational evaluation function $\mathcal{O} : \mathrm{Prog} \to D_{\mathsf{bool}}$ by $\mathcal{O}[\![M]\!] = 0$ if
$M \to^* 0M'$, $\mathcal{O}[\![M]\!] = 1$ if $M \to^* 1M'$, for some $M'$, and $\mathcal{O}[\![M]\!] = \bot$ otherwise.

We want to prove adequacy (that the reduction of a program reaches its semantic value) 
from the Approximation Theorem of the preceding chapter. We need the following 
lemma: 

Lemma 6.2 Let o e T^ and A G M a be a normal form with S\A\A_ ^ _L. 
If $\sigma = \tau + \varrho$, then $A = 0A'$ or $A = 1A'$ for some $A'$.
If $\sigma = \tau \times \varrho$, then $A = \mathsf{pair}\,A'A''$ for some $A', A''$.

Proof: by structural induction on A. 

We suppose A is of type r + g or r x g. Then A = cA 1 . . . A n , n > 0, with c a constant 
and the A^ normal forms. We give a case analysis on c: 

c = 0, 1 or pair: The lemma is fulfilled. 

c = fst or snd: 

Then n > 1. <S[A|_L ^ _L implies <S[Ai]_L ^ _L implies A\ = pair A' A" by induction 
hypothesis. Then A is no normal form. 

c = case : 

Then n > 3. S[A]± + JL implies 5[Ai]± ^ JL implies A x = 0A[ or A x = 1A[ by 
induction hypothesis. Then A is no normal form. 

c = pease : 

Then n = 3. If «S[Ai]± 7^ J_, then A x = OAi or A x = lAi by induction hypothesis and 
A is no normal form. 

If <S[Ai]J_ = J_, then S[A]± = S{A 2 ]± n ^ J_. 

If cr = r + ^, then by induction hypothesis either (A 2 = 0A' 2 , A 3 = 0A' 3 ) or (A 2 = IA' 2 , 
A3 = 1A' 3 ). In both cases A is no normal form. 

If <7 = r x g, then by induction hypothesis A 2 = pair A^Ag and A3 = pair and A 
is no normal form. M 



Theorem 6.3 (Adequacy) For all $M \in \mathrm{Prog}$: $\mathcal{O}[\![M]\!] = \mathcal{S}[\![M]\!]\bot$.






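Proof: $\mathcal{O}[\![M]\!] \subseteq \mathcal{S}[\![M]\!]\bot$ follows from soundness: If $M \to^* 0M'$, then $\mathcal{S}[\![M]\!]\bot =
\mathcal{S}[\![0M']\!]\bot = 0$; and if $M \to^* 1M'$, then $\mathcal{S}[\![M]\!]\bot = \mathcal{S}[\![1M']\!]\bot = 1$.
It remains to show the adequacy: $\mathcal{S}[\![M]\!]\bot \subseteq \mathcal{O}[\![M]\!]$.

Suppose $\mathcal{S}[\![M]\!]\bot = 0$. By the Approximation Theorem there is an approximation
$A \lhd M$ with $\mathcal{S}[\![A]\!]\bot = 0$. From the preceding lemma follows $A = 0A'$ for some $A'$,
therefore $\mathcal{O}[\![M]\!] = 0$. Analogously $\mathcal{S}[\![M]\!]\bot = 1$ implies $\mathcal{O}[\![M]\!] = 1$. ■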

Note that this theorem is also valid for the sequential calculus without pcase. It
can also be proved directly using the inclusive predicate technique, with a proof a bit 
easier than the proof of the Approximation Theorem, e.g. the passive terms are not 
needed. 

Now we define the operational preorder on terms, based on the observation of terms 
through program contexts. 

Definition 6.4 Let $M, N \in T_\sigma$. $M \sqsubseteq N$ iff for all contexts $C[\,]$, such that $C[M]$ and
$C[N]$ are programs, $\mathcal{O}[\![C[M]]\!] \subseteq \mathcal{O}[\![C[N]]\!]$ holds.

Theorem 6.5 (Full abstraction) For all $M, N \in T_\sigma$: $M \sqsubseteq N$ iff $\mathcal{S}[\![M]\!] \subseteq \mathcal{S}[\![N]\!]$.

The direction "If $\mathcal{S}[\![M]\!] \subseteq \mathcal{S}[\![N]\!]$ then $M \sqsubseteq N$" follows easily from soundness and
adequacy: $\mathcal{O}[\![C[M]]\!] = \mathcal{S}[\![C[M]]\!]\bot \subseteq \mathcal{S}[\![C[N]]\!]\bot = \mathcal{O}[\![C[N]]\!]$. This holds also for the
sequential calculus without pcase. In this case the contexts are restricted. Therefore
the opposite direction is not valid for the sequential calculus, as can be shown by the
same example as in [Plo77].

For the proof of the opposite direction (for the parallel calculus) we prove a lemma 
that states the definability of all finite elements of the semantics. 

Lemma 6.6 (Definability) For all finite d G D a there is a closed term M e T£ with 
$\mathcal{S}[\![M]\!]\bot = d$.

We recall that finite elements are the elements that are downward closures of finite sets
of primes. In our term construction we use the following parallel function and instead
of pcase:

$\mathsf{and} : \mathsf{bool} \to \mathsf{bool} \to \mathsf{bool}$, defined as
$\mathsf{and} = \lambda xy.\, \mathsf{pcase}\; x\; y\; 1$.

Here and in the following we interpret the Boolean value 0 as true and 1 as false, and
choose the names of our functions accordingly. (We made this choice in order to interpret
case like if-then-else, with the second argument as true-part and the third argument
as false-part.) The semantics of and fulfills: $(\mathcal{S}[\![\mathsf{and}]\!]\bot)\,0\,0 = 0$, $(\mathcal{S}[\![\mathsf{and}]\!]\bot)\,1\,\bot = 1$,
$(\mathcal{S}[\![\mathsf{and}]\!]\bot)\,\bot\,1 = 1$. Here we show that all finite elements are definable from and and
the sequential constants. In the next chapter we will show that also pcase (which is
not finite) is definable from and.
Proof: We have to introduce some notions first. A term C : bool is called a condition 
iff for every environment e: 



The semantics of a condition is so "dense" that it gives the value 1 for every environment 
that cannot be enlarged to give the value 0. 

A conditioned prime is a pair C^a of a condition C and a prime a. In the course of 
our construction the condition of C^a will be used to accumulate a term that checks 
function arguments. The intuitive semantics of the "mixed term" C-^a is the prime a 
for every environment e with <S[C]£ = 0. For a set P of primes, Cond(P) is the set of 
all conditioned primes C^a with a £ P. 

A set X of conditioned primes is called consistent iff for all C^a,C'^a f G X holds: 
(Be. S\C\e = S{C'\e = 0) a] a'. 

For M <E %, X C Cond(P(a)) finite and consistent, we define a predicate term: 

M termX iff S[M]e = {a | 3C. (C->a) G X A S[C]e = 0}| for all e. 
For M G 7^L, booh X C P(er) finite and consistent, we define a predicate eq: 



where d ^ X means: 3a G d, b G X. not a j 6. 
We prove for every n > and every cr G T^: 

1) For every finite and consistent X C Cond(P n (a)) there is M G T ff with M term X. 

2) For every finite and consistent X C P n (<r) there is M G 7^ boo! with M eqX. 

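We use abbreviations for the following function terms:

$\mathsf{if} = \lambda xyz.\, \mathsf{case}\; x\; (\lambda w.y)\; (\lambda w.z) : \mathsf{bool} \to \sigma \to \sigma \to \sigma$
$\mathsf{not} = \lambda x.\, \mathsf{if}\; x\; 1\; 0 : \mathsf{bool} \to \mathsf{bool}$
$\mathsf{or} = \lambda xy.\, \mathsf{not}\, (\mathsf{and}\, (\mathsf{not}\, x)\, (\mathsf{not}\, y)) : \mathsf{bool} \to \mathsf{bool} \to \mathsf{bool}$

The semantics of or is: $(\mathcal{S}[\![\mathsf{or}]\!]\bot)\,1\,1 = 1$, $(\mathcal{S}[\![\mathsf{or}]\!]\bot)\,0\,\bot = 0$, $(\mathcal{S}[\![\mathsf{or}]\!]\bot)\,\bot\,0 = 0$.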

The proof of statements 1) and 2) is by simultaneous induction on n: 
n = 0: 1) X = 0. n termX. 

2) X = 0. (Xx.0) eqX. 



(W D e. S[C\e' ^ 0) S[C\e = 1. 




0, if X C d 

1, ifdfX 
_L otherwise 
Induction step: 

1) Let X C Cond(P n+ i(a)) be finite and consistent. We construct M term X by case 
analysis over a. 

• a = void: X = 0, il term X. 

• a = r + g: 

Define the condition sets C° = {C \ 3a> 0. (C^a) G X} and 
C 1 = {C\3a> 1. (C->a) G X}. 

Define the term M : bool as M = 1 for C° = 0, otherwise as M = orC? (orC£ . . . C°) 
for some enumeration {C°, (7°, . . . , C°} = C°. Analogously, Mi is defined as an or-term 
of the elements of C 1 . 

Let X° = {C^a | (C->(0,a)) G X} and X 1 = {C^a | (C->(l,a)) G X}. It is X° C 
Cond(P n (r)) and X 1 C Cond(P n (g)), both are finite and consistent. By the induction 
hypothesis there are terms X G T T , Ni G T e with X term X° and Ni term X 1 . 
We build the term 

M if.U, (0X o ) (if Mi (lXx) Q) 

and show that M term X, 

i.e. for all e, 5[M]e = F| with F = {a | 3C. (C->a) G X A S[C\e = 0}: 

* S[M]e C Fj: 

Let a G «S[M]e. We show a G Y[ in each of the two cases: 

a) S[M ]£ = 0: Then a G (5[iV ]e)- 

First let a = 0. There is some C G C° with S[C]e = 0. (C->a') G X for some 
a' > 0, therefore G FJ,. 

Now let a = (0,a'). Then a' G <S[X ]£. Since X term X°, there is (C->a") G X° 
with 5[C7]e = and a' < a". (C->(0, a")) G X, therefore (0, a') G Fj. 

b) S[M ]£ = 1 and 5[Mi]e = 0: Then a G 1 («S[JVi]e). 
Analogously to case a) we show that a G Fj. 

* S[M]e D Fj: 

Let a G F, i.e. (C^a) G X and S\C\e = for some C. We show a G «S[M]e in each 
of the four cases: 

a) a = 0: 

C G C°, therefore <S[M ]e = and G 5[M]e. 

b) a = (0,a'): 

Again C G C°, therefore S{M ]e = and <S[M] £ = 0(<S[X o ]£). (C^a') G X°, 
therefore a' G <S[X ]£, as X term X°. It follows (0, a') G 5[M]e. 

c) a = 1: 

Then C G C 1 , therefore SfM^e = 0. 

We show that S[M ]e = 1, i.e. for all C G C°: S[C'\e = I. Here we use the fact 
that C is a condition: 
Let e' D e. Then SjCje' = 0. «S[C"]e' = would contradict the consistency of X, 
as C G C 1 and O G C°. Therefore S[C']e' + 0. We conclude S\C'\e = 1. 
So we have S[M ]£ = 1, 5[Mi]e = and 1 G 5[M]e. 

d) a = (l,a'): 

As in case c) we have S{M ]e = 1, 5[Mi]e = and 5[M]e = 1 («S[#i]e). 
(C->a') G X 1 , therefore a' G S[JVi]e, as N x termX 1 . It follows (l,a') G S[M]e. 

9 (J — T X Q\ 

Let X° = {C^a | (C->(0,a)) G X} C CW(P„(r)), and X 1 = {C^a | (C->(l,a)) G 
X} C Cond(P n (g)). Both sets are finite and compatible. 

By the induction hypothesis there are terms N , Ni with N term X° and iVi term X 1 . 
Let M = (iVo,iVi). 

S\M\e = pair(5[iV ]e)(5[JV 1 ] e ) 

= {0} x {a | 3C. (C->a) G X° A 5[C7]e = 0}| U 

{1} x {a | 3C. (C->a) G X 1 A 5[C7]e = 0}| 
= {a | 3C. (C->a) G X A 5[C7]e = 0}| 

* a — t — > q: 

Let X = {C— >(Yi, di) | 1 < % < k} be an enumeration of the elements of X. 

For all i, Yi C P n (r) is finite and consistent. By the induction hypothesis there is 

Ni eq Yi for all %. 

Let x be a variable of type r that does not occur free in any Cj. Let Dj = and Cj (Nix). 
We define Z = {D— >aj | 1 < i < A;} and first prove that Z C Cond(P n (g)) and Z is 
consistent: 

* Di = and Cj (Xjx) is a condition: 

Let £ be an environment such that for all e' ~D e, S{Di}e' ^ 0. We have to show that 
S[Di]e = l. 

Assume 5[Cje ^ 1. As Cj is a condition, there is e" D e with <S[Cj]£" = 0. Let 
£ ' = e"{x^Y t [}. 

Then SfCjJe' = 0, as x does not occur free in Cj. Furthermore S{Nix]e' = 0, as 
N eq Yi. Together we get SJAK = 0. 

Then e and e' cannot have an upper bound. (For such an upper bound 5 would be: 
5 D e and S[Di]6 = 0.) As e" D e, it must be e(x) f e'(x) = YJJ,. Hence SlNxje = 1, 
and we conclude <S[Dj]£ = 1. 

* Z is consistent: 

Let 5[A]e = S\Dj\e = for some i,j,e. Then 5[Ci]e = S[Cj]e = 0, hence (Y is a*) | 
(Y^a,). Also 5[Xjx]£ = S[Njx]e = 0, therefore Y~j C e(a:) and Y,- C e{x). So Y< | Yj 
and we conclude Oj ] dj. 
We have proved that $Z \subseteq \mathrm{Cond}(P_n(\varrho))$ is a finite, consistent, conditioned prime
set. By induction hypothesis there is $N$ term $Z$. Let $M = \lambda x.N$. We prove $M$ term $X$,
i.e.

S\M\e = Pr(d G D T i — ► S{N](e[x i-> d])) = {(Y,a;) | 1 < i < k A 5[Ci]e = 0}| . 

C: Let (Y, a) G S[M]e. Then 

a G <S[X]( £ [x^ Yj]) 

= {a, | S[Di](e[x i-> Yj]) = 0}|, as N term Z. 

Let a < (a and S[A](e[s >-> Yj]) = 0. Then |<S[^]±| (Yj) = 0. Hence Y C Yj, as 
X; eg Y. So we get (Y, a) < (Y,aj). 
Furthermore e = S[Ci](e[x ^ Yj]) = 0. 

D: Let <S[C;]£ = 0. 

We have |«S[^]±| (Yj) = 0, as N> eq Y { . Therefore S[Di](e[x i-> Y j]) = 0. As 
X term Z, it is Oj G 5[JV](e[a: i-> Yj]). Hence (Y, a*) G 5[M]e. 

2) Let X C P n+1 (<r) be finite and consistent. We construct M eq X by case analysis 
over a. 

• a = void: X = 0, (Arr.0) egX. 

• cr = r + g : 

If X = 0, then (Ax.0) eqX. 

Now let a G X for some a > 0. Let Y = {a | (0, a) G X} C P n (r). By induction 
hypothesis there is some N with X eg Y. Take M = Xx.case x N 1. It can be easily 
checked that M eqX. 
The case a G X for some a > 1 is similar. 

• a = r x £>: 

Let X = {a\ (0, a) G X} C P n (r) and Xi = {a | (1, a) G X} C P n (g). 

There are X eq X and Ni eq X 1 by induction hypothesis. 

Let M = Xx.and (N (fstx)) (Xi(snd x)). We check easily that M eqX. 

• (T — T — > Q '. 

If X = 0, then (Ax.0) egX. 

Otherwise, let X = {(Y, Oj) | 1 < i < k} be an enumeration of X. 
Let Y/ = {0 — | £» G Y} C Cond(P n (r)) for all i, it is finite and consistent. By induction 
hypothesis there is A 7 * term Y/ for all i. Furthermore, by induction hypothesis there is 
Qi eq cii for all i. We define 

M = Xx.and (Q 1 (xN 1 ))(and (Q 2 (xN 2 )) . . . (Q k (xN k ))). 

We check that M eq X: Let d G D a . 
If X C d, then for all v. 

\S[Qi]±\ (\d\ (S[Ni]±)) = \S[Qi]±\ (\d\ (YD) = 0, as a t G \d\ (Y|). 
Therefore $|\mathcal{S}[\![M]\!]\bot|\, d = 0$.

If d X, then there is some j with d (Yj,aj), i.e. \d\ (Yj |) ^ Therefore 
|S[Q,]L| (\d\ (S[Nj]±)) = 1, and |5[M]±| d = 1. 

Otherwise, d | (1$, dj) for all i and (Y,-, aj) (jL d for some j. Then |«S[M]_L| d = _L. 

We have now proved statements 1) and 2) for all n and a. The lemma follows easily 
from 1): If d G D a is finite, it has the form d = X{ with X C P n (<r) for some n, X finite 
and consistent. There is a term M with M term {0— >a | a G X}, i.e. <S[M]_L = X|. ■ 

Proof of the Full Abstraction Theorem: 

It remains to show for all M,N G T a . If M C JV, then 5[M]e C 5[iV]e for all e. 
First suppose that M and iV are closed terms. 

Let a G «S[M]e. Define / = ({a},0)|G P^booi- By the Definability Lemma, there 
is P G ^L+booi with 5[P]_L = /. P[] serves as a context such that PM and PiV are 
programs. 

= S[PM]L = C[PM] C 0[PN\ = S[PN]±, therefore a G <S[A^]e. 

Now let M and N be terms with their free variables in {x±, . . . , x n }. We get Xxi . . . x n .M C 
Xxx . . .x n .N: For all contexts C[ ] apply the context C[\x\ . . . x n .[ ]] to M and AT. 
For the closed terms follows: «S[Axi . . .x n .M\e C «S[Axi . . . ar n .i\T]e for all e. Hence 
S\M\e C 5[iV]e for all e. ■ 



7 Interdefinability of constants 

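Our first observation is that case can be defined from pcase and out0, out1 (see page [9]
for the def. of out0, out1). We have

$\mathcal{S}[\![\mathsf{case}]\!] = \mathcal{S}[\![\lambda xyz.\, \mathsf{pcase}\; x\; (\mathsf{pcase}\; x\; (y\, (\mathsf{out0}\; x))\; \Omega)\; (\mathsf{pcase}\; x\; \Omega\; (z\, (\mathsf{out1}\; x)))]\!]$.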

In the preceding chapter we used the function $\mathsf{and} : \mathsf{bool} \to \mathsf{bool} \to \mathsf{bool}$, defined
as $\mathsf{and} = \lambda xy.\, \mathsf{pcase}\; x\; y\; 1$, to build defining terms for all finite elements of the
semantic model. Now we will show that also pcase (whose semantics is not finite) is
definable from and and the sequential constants. Compare the definition of PCF's
parallel conditional in terms of the parallel or in [Sto91]. We assume a constant
$\mathsf{and} : \mathsf{bool} \to \mathsf{bool} \to \mathsf{bool}$ with the semantics:

$(\mathcal{S}[\![\mathsf{and}]\!]\bot)\,0\,0 = 0$, $(\mathcal{S}[\![\mathsf{and}]\!]\bot)\,1\,\bot = 1$, $(\mathcal{S}[\![\mathsf{and}]\!]\bot)\,\bot\,1 = 1$.

Without loss of generality, we will define only $\mathrm{pcase}_{\mathrm{void}\,\mathrm{void}\,\sigma} : \mathrm{bool} \to \sigma \to \sigma \to \sigma$ for
all types $\sigma$, and write simply $\mathrm{pcase}_\sigma$. The general pcase can be easily defined from this.

In order to cope with recursive types, we have to extend the inductive definition
of $\mathrm{pcase}_\sigma$ to general type expressions $\sigma$ (with free type variables). Then we have to
associate with each type variable $t$ of $\sigma$ some type $\tau$ and a term variable $p : \mathrm{bool} \to
\tau \to \tau \to \tau$, that stands for the $\mathrm{pcase}_\tau$-function in its recursive definition.

So we are led to define an operation $\mathit{Pcase}(\theta, \sigma)$ that produces terms for pcase-
functions. Its second argument is a type expression $\sigma \in$ T^. The first argument is a
partial map $\theta : V_T \to V$ from type variables to term variables, with $\theta(t) \neq \theta(s)$ for
$t \neq s$. $\theta$ is defined on a finite set of type variables that contains all free variables of $\sigma$.
9(t) must be of the type bool — > r — > r — > r for some type r. We associate with 6? the 
partial map : Vr — > defined by #(£) = r for 0(£) : bool — > r — > r — > r. Pcase(9, a) 
will be a term of type bool — > 0(er) — > 0(er) — > 0(cr), where is naturally extended to 
the substitution of free type variables of type expressions. [ ] is the totally undefined 
map. The notation $\theta[t \mapsto p]$ will be used as for environments.

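In the definition of $\mathit{Pcase}$ we use abbreviations for the following function terms:

$\mathrm{if} : \mathrm{bool} \to \sigma \to \sigma \to \sigma$
$\mathrm{if} = \lambda x y z.\ \mathrm{case}\ x\ (\lambda w.y)\ (\lambda w.z)$

$\mathrm{not} : \mathrm{bool} \to \mathrm{bool}$
$\mathrm{not} = \lambda x.\ \mathrm{if}\ x\ 1\ 0$

$\mathrm{or} : \mathrm{bool} \to \mathrm{bool} \to \mathrm{bool}$
$\mathrm{or} = \lambda x y.\ \mathrm{not}\ (\mathrm{and}\ (\mathrm{not}\ x)\ (\mathrm{not}\ y))$

$\mathrm{pc} : \mathrm{bool} \to \mathrm{bool} \to \mathrm{bool} \to \mathrm{bool}$
$\mathrm{pc} = \lambda x y z.\ \mathrm{or}\ (\mathrm{or}\ (\mathrm{and}\ x\ y)\ (\mathrm{and}\ (\mathrm{not}\ x)\ z))\ (\mathrm{and}\ y\ z)$

It is $\mathcal{S}[\![\mathrm{pc}]\!]\bot = \mathcal{S}[\![\mathrm{pcase}_{\mathrm{bool}}]\!]\bot$.

$\mathrm{sb} : \tau + \rho \to \mathrm{bool}$
$\mathrm{sb} = \lambda x.\ \mathrm{case}\ x\ (\lambda y.0)\ (\lambda y.1)$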

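$\mathit{Pcase}(\theta, \sigma)$ is defined by structural induction on the type expression $\sigma$:

$\mathit{Pcase}(\theta, t) = \theta(t)$

$\mathit{Pcase}(\theta, \tau + \rho) = \lambda x^{\mathrm{bool}}\, y^{\theta(\tau+\rho)}\, z^{\theta(\tau+\rho)}.\ \mathrm{if}\ (\mathrm{pc}\ x\ (\mathrm{sb}\ y)\ (\mathrm{sb}\ z))$
    $(0\ (\mathit{Pcase}(\theta, \tau)\ x\ (\mathrm{out0}\ y)\ (\mathrm{out0}\ z)))$
    $(1\ (\mathit{Pcase}(\theta, \rho)\ x\ (\mathrm{out1}\ y)\ (\mathrm{out1}\ z)))$

$\mathit{Pcase}(\theta, \tau \times \rho) = \lambda x^{\mathrm{bool}}\, y^{\theta(\tau\times\rho)}\, z^{\theta(\tau\times\rho)}.\ (\mathit{Pcase}(\theta, \tau)\ x\ (\mathrm{fst}\ y)\ (\mathrm{fst}\ z),$
    $\mathit{Pcase}(\theta, \rho)\ x\ (\mathrm{snd}\ y)\ (\mathrm{snd}\ z))$

$\mathit{Pcase}(\theta, \tau \to \rho) = \lambda x^{\mathrm{bool}}\, y^{\theta(\tau\to\rho)}\, z^{\theta(\tau\to\rho)}\, w^{\theta(\tau)}.\ \mathit{Pcase}(\theta, \rho)\ x\ (y\,w)\ (z\,w)$

$\mathit{Pcase}(\theta, \mu t.\tau) = Y_\pi\, (\lambda p^\pi.\ \mathit{Pcase}(\theta[t \mapsto p^\pi], \tau))$,
    where $\pi = \mathrm{bool} \to \theta(\mu t.\tau) \to \theta(\mu t.\tau) \to \theta(\mu t.\tau)$,
    and $p^\pi$ denotes the first variable in $V^\pi$ that is not in the image of $\theta$

$\mathit{Pcase}(\theta, \mathrm{void}) = \Omega$
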
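It is easy to show by induction that $\mathit{Pcase}(\theta, \sigma) : \mathrm{bool} \to \theta(\sigma) \to \theta(\sigma) \to \theta(\sigma)$.
In the case of the recursive type expression we have

$\mathit{Pcase}(\theta[t \mapsto p^\pi], \tau) : \mathrm{bool} \to \rho \to \rho \to \rho$
with $\rho = \theta[t \mapsto p^\pi](\tau)$
$= (\theta[t \mapsto \theta(\mu t.\tau)])(\tau)$
$= \theta([\,][t \mapsto \mu t.\tau](\tau))$
$\approx \theta(\mu t.\tau)$,

so $\mathit{Pcase}(\theta[t \mapsto p^\pi], \tau) : \pi$, therefore $\mathit{Pcase}(\theta, \mu t.\tau) : \pi$.
$\mathit{Pcase}(\theta, \sigma)$ has the free variables $\theta(t)$ for all $t$ free in $\sigma$.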

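Definition 7.1 Let $f \in D_{\mathrm{bool} \to \tau \to \tau \to \tau}$ for some type $\tau$.

We say that $f$ approximates the function $\mathit{pcase}$ to level $n$, $\mathit{app}_n(f)$, iff $f\,c\,a\,b \supseteq (\mathit{pcase}\ c\ a\ b)|_n$
for all $c \in D_{\mathrm{bool}}$ and $a, b \in D_\tau$.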

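Lemma 7.2 Let $\theta, \sigma$ be admissible arguments in $\mathit{Pcase}(\theta, \sigma)$, as described above. Let
$n \geq 0$ and $\varepsilon$ be an environment with $\mathit{app}_n(\varepsilon(\theta(t)))$ for all $t$ free in $\sigma$.
Then for $f = \mathcal{S}[\![\mathit{Pcase}(\theta, \sigma)]\!]\varepsilon$ we have $\mathit{app}_n(f)$.

If $\sigma$ is not of the form $\mu t_1 \ldots \mu t_m.t$, with $m \geq 0$, $t$ a type variable and $t \neq t_i$ for all $i$,
then $\mathit{app}_{n+1}(f)$.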

Proof: by structural induction on $\sigma$.

• $\sigma = t$: $f = \varepsilon(\theta(t))$, hence $\mathit{app}_n(f)$.

• $\sigma = \tau + \rho$:

We show $\mathit{app}_{n+1}(f)$, i.e. $f\,c\,a\,b \supseteq (\mathit{pcase}\ c\ a\ b)|_{n+1}$ for all $c \in D_{\mathrm{bool}}$, $a, b \in D_{\theta(\sigma)}$.

1) $c = \bot$:

The case $a \cap b = \bot$ is clear.
Now let $a = 0a'$, $b = 0b'$.

$f\,\bot\,(0a')\,(0b') = 0((\mathcal{S}[\![\mathit{Pcase}(\theta, \tau)]\!]\varepsilon)\,\bot\,a'\,b')$
$\supseteq 0((a' \cap b')|_n)$, by induction hypothesis
$= (a \cap b)|_{n+1}$
$= (\mathit{pcase}\ c\ a\ b)|_{n+1}$

The case $a = 1a'$, $b = 1b'$ is analogous.

2) $c = 0$:

The case $a = \bot$ is clear.
Now let $a = 0a'$.

$f\,0\,(0a')\,b = 0((\mathcal{S}[\![\mathit{Pcase}(\theta, \tau)]\!]\varepsilon)\,0\,a'\,((\mathcal{S}[\![\mathrm{out0}]\!]\bot)\,b))$
$\supseteq 0(a'|_n)$, by induction hypothesis
$= a|_{n+1}$
$= (\mathit{pcase}\ c\ a\ b)|_{n+1}$

The case $a = 1a'$ is analogous.

3) $c = 1$ is analogous to $c = 0$.

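• $\sigma = \tau \times \rho$:

We show $\mathit{app}_{n+1}(f)$. For all $c \in D_{\mathrm{bool}}$, $a_1, b_1 \in D_{\theta(\tau)}$ and $a_2, b_2 \in D_{\theta(\rho)}$ we have:

$f\,c\,(\mathit{pair}\ a_1\ a_2)\,(\mathit{pair}\ b_1\ b_2) = \mathit{pair}\ ((\mathcal{S}[\![\mathit{Pcase}(\theta, \tau)]\!]\varepsilon)\,c\,a_1\,b_1)\ ((\mathcal{S}[\![\mathit{Pcase}(\theta, \rho)]\!]\varepsilon)\,c\,a_2\,b_2)$
$\supseteq \mathit{pair}\ (\mathit{pcase}\ c\ a_1\ b_1)|_n\ (\mathit{pcase}\ c\ a_2\ b_2)|_n$, by induction hyp.
$= (\mathit{pair}\ (\mathit{pcase}\ c\ a_1\ b_1)\ (\mathit{pcase}\ c\ a_2\ b_2))|_{n+1}$
$= (\mathit{pcase}\ c\ (\mathit{pair}\ a_1\ a_2)\ (\mathit{pair}\ b_1\ b_2))|_{n+1}$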

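• $\sigma = \tau \to \rho$:

We prove $\mathit{app}_{n+1}(f)$. Let $c \in D_{\mathrm{bool}}$ and $a, b \in D_{\theta(\sigma)}$.
$f\,c\,a\,b = \mathit{Pr}(d \in D_{\theta(\tau)} \mapsto (\mathcal{S}[\![\mathit{Pcase}(\theta, \rho)]\!]\varepsilon)\,c\,(a\,d)\,(b\,d))$.
Let $(X, r) \in (\mathit{pcase}\ c\ a\ b)|_{n+1}$. Then

$r \in ((\mathit{pcase}\ c\ a\ b)\,(X{\downarrow}))|_n$
$= (\mathit{pcase}\ c\ (a\,(X{\downarrow}))\ (b\,(X{\downarrow})))|_n$
$\subseteq (\mathcal{S}[\![\mathit{Pcase}(\theta, \rho)]\!]\varepsilon)\,c\,(a\,(X{\downarrow}))\,(b\,(X{\downarrow}))$, by induction hypothesis

Hence $(X, r) \in f\,c\,a\,b$.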

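• $\sigma = \mu t.\tau$:

1) We assume that $\tau$ is not of the form $\mu t_1 \ldots \mu t_m.s$ with $m \geq 0$, $s$ a type variable,
$s \neq t$, and $s \neq t_i$ for all $i$. We have to show $\mathit{app}_{n+1}(f)$.

1.1) We assume $\tau = \mu t_1 \ldots \mu t_m.t$.

Then $\theta(\sigma) = \sigma \approx \mathrm{void}$, hence $f \in D_{\mathrm{bool} \to \mathrm{void} \to \mathrm{void} \to \mathrm{void}}$ and $\mathit{app}_{n+1}(f)$.

1.2) Otherwise, $\tau$ is not of the form $\mu t_1 \ldots \mu t_m.s$ with $m \geq 0$, $s$ a type variable and
$s \neq t_i$ for all $i$.

We have $f = \bigcup_{i \geq 0} g^i \bot$ with $g = |\mathcal{S}[\![\lambda p.\mathit{Pcase}(\theta[t \mapsto p], \tau)]\!]\varepsilon|$.
We show by induction on $i$ that $\mathit{app}_i(g^i \bot)$ for $0 \leq i \leq n + 1$:
$\mathit{app}_0(g^0 \bot)$ is trivial.

Induction step: We assume $\mathit{app}_i(g^i \bot)$ for some $i \leq n$.
$g^{i+1} \bot = g\,(g^i \bot) = \mathcal{S}[\![\mathit{Pcase}(\theta[t \mapsto p], \tau)]\!](\varepsilon[p \mapsto g^i \bot])$.

By the general induction hypothesis (for the type expression $\tau$) we get $\mathit{app}_{i+1}(g^{i+1} \bot)$.
Especially we have $\mathit{app}_{n+1}(g^{n+1} \bot)$, hence $\mathit{app}_{n+1}(f)$.

2) We assume $\tau = \mu t_1 \ldots \mu t_m.s$ with $m \geq 0$, $s$ a type variable, $s \neq t$, and $s \neq t_i$ for
all $i$.

Then $f = \mathcal{S}[\![\mathit{Pcase}(\theta, s)]\!]\varepsilon = \varepsilon(\theta(s))$, so $\mathit{app}_n(f)$.

• $\sigma = \mathrm{void}$: Trivial. ■
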
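Theorem 7.3 Let $\theta, \sigma$ be admissible arguments in $\mathit{Pcase}(\theta, \sigma)$, as described above.
Let $\varepsilon$ be an environment with $\varepsilon(\theta(t)) = \mathcal{S}[\![\mathrm{pcase}_{\theta(t)}]\!]\bot$ for all $t$ free in $\sigma$. Then
$\mathcal{S}[\![\mathit{Pcase}(\theta, \sigma)]\!]\varepsilon = \mathcal{S}[\![\mathrm{pcase}_{\theta(\sigma)}]\!]\bot$. Especially for all types $\sigma$ we have:
$\mathcal{S}[\![\mathit{Pcase}([\,], \sigma)]\!]\bot = \mathcal{S}[\![\mathrm{pcase}_\sigma]\!]\bot$.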

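Proof: $\mathcal{S}[\![\mathit{Pcase}(\theta, \sigma)]\!]\varepsilon \supseteq \mathcal{S}[\![\mathrm{pcase}_{\theta(\sigma)}]\!]\bot$ follows from the preceding lemma.

Now let $f = \mathcal{S}[\![\mathit{Pcase}(\theta, \sigma)]\!]\varepsilon$. We show $f \subseteq \mathcal{S}[\![\mathrm{pcase}_{\theta(\sigma)}]\!]\bot$ by structural induction on $\sigma$:

• $\sigma = t$: $f = \varepsilon(\theta(t)) = \mathcal{S}[\![\mathrm{pcase}_{\theta(t)}]\!]\bot$.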

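• $\sigma = \tau + \rho$:

We show $f\,c\,a\,b \subseteq \mathit{pcase}\ c\ a\ b$ for all $c \in D_{\mathrm{bool}}$ and $a, b \in D_{\theta(\sigma)}$.

1) $c = \bot$:

For $a \cap b = \bot$ it is $f\,\bot\,a\,b = \bot$.
Now let $a = 0a'$, $b = 0b'$.

$f\,\bot\,(0a')\,(0b') = 0((\mathcal{S}[\![\mathit{Pcase}(\theta, \tau)]\!]\varepsilon)\,\bot\,a'\,b')$
$\subseteq 0(\mathit{pcase}\ \bot\ a'\ b')$, by induction hypothesis
$= \mathit{pcase}\ \bot\ a\ b$

The case $a = 1a'$, $b = 1b'$ is analogous.

2) $c = 0$:

For $a = \bot$ it is $f\,0\,\bot\,b = \bot$.
Now let $a = 0a'$.

$f\,0\,(0a')\,b = 0((\mathcal{S}[\![\mathit{Pcase}(\theta, \tau)]\!]\varepsilon)\,0\,a'\,((\mathcal{S}[\![\mathrm{out0}]\!]\bot)\,b))$
$\subseteq 0(\mathit{pcase}\ 0\ a'\ ((\mathcal{S}[\![\mathrm{out0}]\!]\bot)\,b))$, by induction hypothesis
$= \mathit{pcase}\ 0\ a\ b$

The case $a = 1a'$ is analogous.

3) $c = 1$ is analogous to $c = 0$.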

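• $\sigma = \tau \times \rho$:

For all $c \in D_{\mathrm{bool}}$, $a_1, b_1 \in D_{\theta(\tau)}$ and $a_2, b_2 \in D_{\theta(\rho)}$:

$f\,c\,(\mathit{pair}\ a_1\ a_2)\,(\mathit{pair}\ b_1\ b_2) = \mathit{pair}\ ((\mathcal{S}[\![\mathit{Pcase}(\theta, \tau)]\!]\varepsilon)\,c\,a_1\,b_1)\ ((\mathcal{S}[\![\mathit{Pcase}(\theta, \rho)]\!]\varepsilon)\,c\,a_2\,b_2)$
$\subseteq \mathit{pair}\ (\mathit{pcase}\ c\ a_1\ b_1)\ (\mathit{pcase}\ c\ a_2\ b_2)$, by induction hyp.
$= \mathit{pcase}\ c\ (\mathit{pair}\ a_1\ a_2)\ (\mathit{pair}\ b_1\ b_2)$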

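• $\sigma = \tau \to \rho$:

For all $c \in D_{\mathrm{bool}}$, $a, b \in D_{\theta(\sigma)}$ and $d \in D_{\theta(\tau)}$:

$f\,c\,a\,b\,d = (\mathcal{S}[\![\mathit{Pcase}(\theta, \rho)]\!]\varepsilon)\,c\,(a\,d)\,(b\,d)$
$\subseteq \mathit{pcase}\ c\ (a\,d)\ (b\,d)$, by induction hypothesis
$= \mathit{pcase}\ c\ a\ b\ d$
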
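• $\sigma = \mu t.\tau$:

$f$ is the least fixed point of $g = |\mathcal{S}[\![\lambda p.\mathit{Pcase}(\theta[t \mapsto p], \tau)]\!]\varepsilon|$.
Let $d = \mathcal{S}[\![\mathrm{pcase}_{\theta(\sigma)}]\!]\bot$. Then

$g\,d = \mathcal{S}[\![\mathit{Pcase}(\theta[t \mapsto p], \tau)]\!](\varepsilon[p \mapsto d])$
$\subseteq \mathcal{S}[\![\mathrm{pcase}_\rho]\!]\bot$ with $\rho = \theta[t \mapsto p](\tau) \approx \theta(\sigma)$, by induction hypothesis
$= d$.

Therefore $f \subseteq d$.

• $\sigma = \mathrm{void}$: Trivial. ■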
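
Theorem 7.3 and the claim that pc has the semantics of pcase on bool can be checked exhaustively on finite types. The Python example below is an added illustration, not code from the paper: it builds Pcase by the structural induction above for types made only of void, + and × (no function or recursive types) and compares it with the direct semantic pcase. The encoding (`None` for the undefined Boolean, domain elements as sets of paths with the empty set as ⊥) and all function names are assumptions made here.

```python
BOT = None            # undefined flat Boolean (assumed encoding)
EMPTY = frozenset()   # bottom element of every data type: no paths at all

def and_(x, y):       # parallel and, 0 = true: and 0 0 = 0, and 1 _ = and _ 1 = 1
    return 1 if 1 in (x, y) else (0 if x == 0 and y == 0 else BOT)

def if_(x, y, z, bot=BOT):   # sequential conditional: strict in x, 0 selects y
    return bot if x is BOT else (y if x == 0 else z)

def not_(x): return if_(x, 1, 0)
def or_(x, y): return not_(and_(not_(x), not_(y)))
def pc(x, y, z): return or_(or_(and_(x, y), and_(not_(x), z)), and_(y, z))

def inj(i, a): return frozenset({(i,)}) | {(i,) + p for p in a}   # i a, i in {0, 1}
def pair(a, b): return frozenset({('L',) + p for p in a} | {('R',) + p for p in b})
def sub(k, y): return frozenset(p[1:] for p in y if p[0] == k and len(p) > 1)
def sb(y): return 0 if (0,) in y else 1 if (1,) in y else BOT    # tag of a sum element

def Pcase(ty):        # types: 'void', ('+', t, r), ('x', t, r)
    if ty == 'void':
        return lambda x, y, z: EMPTY
    op, t, r = ty
    pt, pr = Pcase(t), Pcase(r)
    if op == '+':
        return lambda x, y, z: if_(pc(x, sb(y), sb(z)),
                                   inj(0, pt(x, sub(0, y), sub(0, z))),
                                   inj(1, pr(x, sub(1, y), sub(1, z))), EMPTY)
    return lambda x, y, z: pair(pt(x, sub('L', y), sub('L', z)),
                                pr(x, sub('R', y), sub('R', z)))

def pcase(c, a, b):   # reference semantics: branch on c, or the meet of a, b if c is undefined
    return a & b if c is BOT else (a if c == 0 else b)

def elems(ty):        # every element of the finite domain of ty
    if ty == 'void':
        return [EMPTY]
    op, t, r = ty
    if op == '+':
        return [EMPTY] + [inj(0, a) for a in elems(t)] + [inj(1, b) for b in elems(r)]
    return [pair(a, b) for a in elems(t) for b in elems(r)]

def agrees(ty):       # Pcase(ty) and pcase coincide on all of D_bool x D_ty x D_ty
    f, D = Pcase(ty), elems(ty)
    return all(f(c, a, b) == pcase(c, a, b) for c in (BOT, 0, 1) for a in D for b in D)

def pc_is_pcase_bool():   # the claim S[pc] = S[pcase_bool], on flat Booleans
    B = (BOT, 0, 1)
    return all(pc(x, y, z) == (y if x == 0 else z if x == 1 else y if y == z else BOT)
               for x in B for y in B for z in B)
```

With bool encoded as `('+', 'void', 'void')`, `agrees(('+', BOOL, ('x', BOOL, BOOL)))` compares the two functions on all 3 · 13 · 13 argument triples.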



8 Conclusion 

We have given the syntax and reduction relation of a recursively typed λ-calculus with
a parallel conditional pcase on all types. The calculus was proved to be confluent,
with the aid of a general result on the confluence of the λ-calculus with algebraic term
rewriting rules. Our reduction relation simply defines the reduction of a redex in any
context. It remains to define a reduction strategy that effectively finds the normal form
approximations of a term. Such a strategy cannot prescribe deterministically which
redex to reduce, as we have the parallel pcase. Instead, it should give for every term a
set of its outermost redexes to be reduced in the next reduction steps. Such a strategy
could be given for general algebraic term rewriting rules.

We unfolded the recursive types to (possibly infinite) type trees and interpreted
these type trees as prime systems. With this interpretation of types, we gave a
denotational semantics of terms. The Approximation Theorem was the key result on
the strength of reduction with respect to the denotational semantics: The semantics
of a term equals the limit of the semantics of its normal form approximations. From
this followed the adequacy of the semantics with respect to the observation of Boolean
values: If the semantics of a program is 0 or 1, then the program reduces to this value.
Furthermore, we showed full abstraction of the semantics. To achieve this, the syntax
must contain a parallel function like pcase or and. These functions are definable from
each other, so a calculus with the same expressive power could be given with reduction
rules for and instead of pcase. The same expressive power means that the same elements
of the semantic model are definable in both calculi. The semantic model corresponds
to the observation of Boolean values, as we have seen. There are other operational,
intensional properties of the original pcase that are not valid for the pcase-function
defined from and, e.g. the reduction pcase 0 M N →* M. The proofs of confluence
and of the Approximation Theorem would be (slightly) easier for a calculus with and.
Nevertheless, we preferred to make these investigations with a pcase-calculus.

Acknowledgements: I thank Reinhold Heckmann for carefully reading a draft of this 
paper. 




References 

[AC90] R. M. Amadio and L. Cardelli. Subtyping recursive types. Report 62, Digital 
Systems Research Center, 1990. 

[Bar84] H. P. Barendregt. The Lambda Calculus. Its Syntax and Semantics. North- 
Holland, revised edition, 1984. 

[BC94] B. Blaaberg and C. Clausen. Adequacy for a lazy functional language with
recursive and polymorphic types. Theoretical Computer Science, 136:243-275, 1994.

[Ber79] G. Berry. Modèles complètement adéquats et stables des lambda-calculs typés.
PhD thesis, Université Paris VII, 1979.

[CC90] F. Cardone and M. Coppo. Two extensions of Curry's type inference system.
In P. Odifreddi, editor, Logic and computer science, pages 19-75. Academic
Press, 1990.

[CC91] F. Cardone and M. Coppo. Type inference with recursive types: Syntax and 
semantics. Information and Computation, 92:48-80, 1991. 

[Cos89] S. Cosmadakis. Computing with recursive types. In Proc. Logic in Computer 
Science, pages 24-38. IEEE, 1989. 

[Gun92] C. A. Gunter. Semantics of Programming Languages: Structures and
Techniques. MIT Press, 1992.

[Hue80] G. Huet. Confluent reductions: Abstract properties and applications to term
rewriting systems. J. of the ACM, 27(4):797-821, 1980.

[LW91] K. G. Larsen and G. Winskel. Using information systems to solve recursive 
domain equations. Information and Computation, 91:232-258, 1991. 

[MP87] P. D. Mosses and G. D. Plotkin. On proving limiting completeness. SIAM 
J. Comput., 16:179-194, 1987. 

[Mul92] F. Müller. Confluence of the lambda calculus with left-linear algebraic
rewriting. Information Processing Letters, 41:293-299, 1992.

[NPW81] M. Nielsen, G. Plotkin, and G. Winskel. Petri nets, event structures and 
domains, part I. Theoretical Computer Science, 13:85-108, 1981. 

[Plo77] G. D. Plotkin. LCF considered as a programming language. Theoretical 
Computer Science, 5:223-256, 1977. 

[Sto91] A. Stoughton. Interdefinability of parallel operations in PCF. Theoretical
Computer Science, 79:357-358, 1991.




[Toy88] Y. Toyama. Commutativity of term rewriting systems. In K. Fuchi and 
L. Kott, editors, Programming of Future Generation Computers II, pages 
393-407. North-Holland, 1988. 

[Wad78] C. P. Wadsworth. Approximate reduction and lambda calculus models.
SIAM J. Comput., 7:337-356, 1978.



[Win93] G. Winskel. The Formal Semantics of Programming Languages. MIT Press, 
1993. 



